> > Is that possible ?
>
> use mysql_real_escape_string() on saving.
>
> > Im thinking - If I do a preg_replace to remove all
> the
> > angled brackets - will that solve it ?
>
> use html_entities() on outputting.
Hmm - Im doing a test of this in a script - & its not
going correctly....
Heres the code :-
function quote_smart($value)
{
echo "<BR><BR>\nREADING '$value'<BR>\n";
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
echo "NEW ONE '$value'<BR>\n";
// Quote if not integer
if (!is_numeric($value)) {
echo "DO NOT INTEGER1 '$value'<BR>\n";
$value = "'" . mysql_real_escape_string($value)
. "'";
echo "DO NOT INTEGER2 '$value'<BR>\n";
}
echo "RETURN '$value'<BR>\n";
return $value;
}
Heres the output :-
READING 'Myname'
NEW ONE 'Myname'
DO NOT INTEGER1 'Myname'
DO NOT INTEGER2 ''''
RETURN ''''
Ive got the above script from the website :-
http://www.php.net/mysql_real_escape_string
example 3
Is this correct ? Or anything wrong ?
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html
Community email addresses:
Post message: [email protected]
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
List owner: [EMAIL PROTECTED]
Shortcut URL to this page:
http://groups.yahoo.com/group/php-list
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-list/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
