It's good practice to do it for & (&amp;) and " (&quot;) in the text all the
time (HTML or XHTML).

Also be aware of em-dashes, en-dashes, epsilons (...) and the curly
varieties of " and ' (which I hate and always strip back to the plain text
version).

If it's your own blog software, make sure to replace them as you output the
formatted text. I'm sure there's a PHP function (?) that does this
conversion on a string for you.

Not wanting to go OT here but in CF I generally run this function over all
inputs to a content database:

        function InputClean(string)
        {
        // Fold typographic characters back to their plain-text equivalents
        var returnstring = Trim(string);
        returnstring = Replace(returnstring, '–', '-', 'all');   // en dash
        returnstring = Replace(returnstring, '—', '-', 'all');   // em dash
        returnstring = Replace(returnstring, '…', '...', 'all'); // ellipsis
        returnstring = Replace(returnstring, '“', '"', 'all');   // curly double quotes
        returnstring = Replace(returnstring, '”', '"', 'all');
        returnstring = Replace(returnstring, "‘", "'", "all");   // curly single quotes
        returnstring = Replace(returnstring, "’", "'", "all");
        return returnstring;
        }

And this one on output to the page:

        function OutputFormat(string)
        {
        var returnstring = Trim(string);
        // Escape & first so the & in &quot; is not escaped a second time
        returnstring = Replace(returnstring, '&', '&amp;', 'all');
        returnstring = Replace(returnstring, '"', '&quot;', 'all');
        return returnstring;
        }

As mentioned before, also make sure you do it if you're dynamically building
URLs with a querystring
(e.g. "/blog.php?id=#something#&method=#somethingelse#").

Sorry, I don't do PHP. Someone else may have a PHP solution for you.

P


> It's an & in text, not in a URL or anything - I didn't realise this posed a
> problem.
> :(


*****************************************************
The discussion list for http://webstandardsgroup.org/
***************************************************** 
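
A PHP take on the three steps discussed in this message (clean on input, escape on output, escape dynamically built query-string URLs). This is an added example, not code from the thread; the function names `input_clean`, `output_format` and `link_href` and the sample values are hypothetical, and it assumes PHP 7 or later with UTF-8 text.

```php
<?php
// Added example: names and sample data are constructed for illustration.

// Input side: fold typographic characters back to plain ASCII.
function input_clean(string $s): string
{
    static $map = [
        "\u{2013}" => '-',    // en dash
        "\u{2014}" => '-',    // em dash
        "\u{2026}" => '...',  // ellipsis
        "\u{201C}" => '"',    // left curly double quote
        "\u{201D}" => '"',    // right curly double quote
        "\u{2018}" => "'",    // left curly single quote
        "\u{2019}" => "'",    // right curly single quote
    ];
    return strtr(trim($s), $map);
}

// Output side: escape &, <, > and both quote characters so the value is
// safe in HTML text and in quoted attribute values.
function output_format(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL side: percent-encode each query value first, then HTML-escape the
// finished URL so the & separators become &amp; inside the href attribute.
function link_href(string $path, array $params): string
{
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return output_format($path . '?' . $query);
}

// Constructed sample input containing curly quotes, an em dash and an ellipsis.
$title = input_clean("Tom \u{2018}n\u{2019} Jerry \u{2014} cat & mouse\u{2026}");
echo '<h1>', output_format($title), "</h1>\n";

// Constructed query values that contain & and " themselves.
$href = link_href('/blog.php', ['id' => 42, 'method' => 'a&b "c"']);
echo '<a href="', $href, '">next</a>', "\n";
```

Escaping only at output time, as `output_format` does here, keeps the stored text unescaped so the same value is not encoded twice when it is rendered.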
