--- In [email protected], Dick Russel <[EMAIL PROTECTED]> wrote: Well, it goes a bit strange..;)
I input <C:\Windows\system.ini> and pass it to the script that contains your variant: echo nl2br(htmlentities($_POST['text' ])); And I get: C:\\Windows\\system.ini And this is from my php.ini ; Magic quotes ; ; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. magic_quotes_runtime = Off ; Use Sybase-style magic quotes (escape ' with '' instead of \'). magic_quotes_sybase = Off I've checked your script at several servers and got the same result. They all run PHP 4 or 5 and have magic quotes disabled. Please, gimme some links to your servers to see how does it work.
