It's good practice to do it for & (&amp;) and " (&quot;) in the text all the time (HTML or XHTML).
Also be aware of em-dashes, en-dashes, epsilons (...) and the curly varieties of " and ' (which I hate and always strip back to the plain text version). If it's your own blog software, make sure to replace them as you output the formatted text. I'm sure there's a PHP function (?) that does this conversion on a string for you.

Not wanting to go OT here but in CF I generally run this function over all inputs to a content database:

    function InputClean(string) {
        returnstring = Trim(string);
        // Typographic characters are given by code point so the source survives re-encoding
        returnstring = Replace(returnstring, Chr(8212), '-', 'all');   // em-dash
        returnstring = Replace(returnstring, Chr(8211), '-', 'all');   // en-dash
        returnstring = Replace(returnstring, Chr(8230), '...', 'all'); // ellipsis character
        returnstring = Replace(returnstring, Chr(8220), '"', 'all');   // left curly double quote
        returnstring = Replace(returnstring, Chr(8221), '"', 'all');   // right curly double quote
        returnstring = Replace(returnstring, Chr(8216), "'", "all");   // left curly single quote
        returnstring = Replace(returnstring, Chr(8217), "'", "all");   // right curly single quote
        return returnstring;
    }

And this one on output to the page:

    function OutputFormat(string) {
        returnstring = Trim(string);
        // Escape & first so the entity written for " is not escaped a second time
        returnstring = Replace(returnstring, '&', '&amp;', 'all');
        returnstring = Replace(returnstring, '"', '&quot;', 'all');
        return returnstring;
    }

As mentioned before, also make sure you do it if you're dynamically building URLs with a querystring (e.g. "/blog.php?id=#something#&method=#somethingelse#").

Sorry, I don't do PHP. Someone else may have a PHP solution for you.

P

> It's an & in text, not in a URL or anything - I didn't realise this posed a problem.
> :(

*****************************************************
The discussion list for http://webstandardsgroup.org/
*****************************************************
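
A PHP counterpart to the two ColdFusion functions in the message above, written as an added example and not taken from the thread. The function names input_clean, output_format and blog_link and the sample strings are constructed for illustration. It also shows the query-string case: URL-encode each value first, then HTML-escape the finished URL for the attribute.

```php
<?php
// Added example: names and sample values are constructed, not from the original post.

// Normalise typographic characters to plain ASCII before storing.
function input_clean(string $s): string
{
    return strtr(trim($s), [
        "\u{2014}" => '-',   // em dash
        "\u{2013}" => '-',   // en dash
        "\u{2026}" => '...', // horizontal ellipsis
        "\u{201C}" => '"',   // left curly double quote
        "\u{201D}" => '"',   // right curly double quote
        "\u{2018}" => "'",   // left curly single quote
        "\u{2019}" => "'",   // right curly single quote
    ]);
}

// Escape text for HTML element content or a quoted attribute value.
// htmlspecialchars handles & and " and additionally <, > and ' (with ENT_QUOTES),
// so stored markup characters cannot break out of the text or the attribute.
function output_format(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build a link with a query string.
// Step 1: http_build_query URL-encodes each value (a literal & becomes %26).
// Step 2: the & separators between parameters are HTML-escaped to &amp;.
function blog_link(string $id, string $method, string $label): string
{
    $url = '/blog.php?' . http_build_query(['id' => $id, 'method' => $method]);
    return '<a href="' . output_format($url) . '">' . output_format($label) . '</a>';
}

// Constructed sample input containing curly quotes, a dash and an ampersand.
$title = input_clean("Fish \u{201C}&\u{201D} chips \u{2014} today\u{2026}");
echo '<h1>', output_format($title), "</h1>\n";

// Constructed values that need both layers of encoding.
echo blog_link('42', 'view&print', 'Tom & "Jerry" <b>'), "\n";
```

Escaping at output time, as here, keeps the stored text unmodified apart from the character normalisation, so the same record can later be written safely to a different context such as a feed or plain-text e-mail.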