On Mon, Nov 7, 2011 at 12:55 AM, justin <jus...@justinhileman.info> wrote:

> And you'll want to escape the value of $variable2 ... It gets really
> awkward if $variable2 includes </textarea> :)
>
> echo "<textarea name=\"example2\" rows=\"10\" cols=\"50\">"
>     . htmlentities($variable2) . "</textarea>";

Not just awkward: dangerous. This is the prime vector for cross-site scripting.

Please always run any values you are including in an HTML page through
htmlentities() or htmlspecialchars().
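As an added illustration (my code, not from either message in this thread): the same textarea emitted once unescaped and once through htmlspecialchars(), with a constructed value that contains a closing tag so the difference is visible. The helper name `e()` is my own; ENT_QUOTES, ENT_SUBSTITUTE and the 'UTF-8' charset argument are standard htmlspecialchars() options.

```php
<?php
// Added example, not code from the original mailing-list thread.

// Constructed sample input: a value a user could submit for the field.
// It contains </textarea>, so emitted raw it would terminate the element
// early and the rest would be parsed as markup.
$variable2 = "Hello </textarea><b>not part of the field</b> & \"quotes\"";

// Escape helper (hypothetical name). ENT_QUOTES also converts ' and ",
// so the same helper can be used inside quoted attribute values;
// ENT_SUBSTITUTE replaces invalid UTF-8 bytes instead of returning "".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unescaped: the browser treats the </textarea> inside the data as markup.
$unsafe = "<textarea name=\"example2\" rows=\"10\" cols=\"50\">"
        . $variable2 . "</textarea>";

// Escaped: < > & " ' become entities, so the browser shows the text
// verbatim inside the field and the element closes where we close it.
$safe = "<textarea name=\"example2\" rows=\"10\" cols=\"50\">"
      . e($variable2) . "</textarea>";

echo "Unescaped:\n$unsafe\n\n";
echo "Escaped:\n$safe\n\n";

// Only one real closing tag remains in the escaped string: the one we
// appended ourselves. The one in the data became &lt;/textarea&gt;.
var_dump(substr_count($unsafe, '</textarea>')); // two closing tags
var_dump(substr_count($safe, '</textarea>'));   // one closing tag
```

The same rule applies to every context where the value lands: element body, attribute value, or inside a `<script>` block each need context-appropriate escaping, and htmlspecialchars() with ENT_QUOTES covers the first two.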
_______________________________________________
New York PHP Users Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/Show-Participation