Posted by Sergei Riaguzov on 07/24/07 11:10
On Tue, 24 Jul 2007 13:04:07 +0200, Rik wrote:
>> So I should just use htmlspecialchars(), not htmlentities() on strings
>> from POST right?
> If you want to display them as normal text, indeed. If you want to allow
> HTML then no.
No, it should be just text. I ended up with:
htmlspecialchars(stripslashes($_POST["blabla"]), ENT_QUOTES);
Also </textarea> is changed to:
&lt;/textarea&gt;
nicely!
Thanks for your answers!
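The escaping discussed in this thread, as an added example that is not part of the original posts: submitted text is echoed back into a textarea and into a single-quoted attribute using htmlspecialchars() with ENT_QUOTES. The field names, the helper names e() and render_form(), and the sample input are constructed for illustration.

```php
<?php
// Added example; names and sample values are assumptions, not from the thread.

// Escape a submitted value for output as HTML text or inside a quoted attribute.
function e(string $raw): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close an attribute
    // delimited by either quote character. The charset is named explicitly so
    // the result does not depend on the default_charset ini setting.
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Re-display a submitted form with the user's values filled back in.
function render_form(array $post): string
{
    // The thread's stripslashes() call undid magic_quotes_gpc. That feature
    // was removed in PHP 5.4, so on current PHP the call is dropped: it would
    // only strip backslashes the user really typed.
    $name    = e($post['name'] ?? '');
    $comment = e($post['comment'] ?? '');

    return "<input type='text' name='name' value='{$name}'>\n"
         . "<textarea name='comment'>{$comment}</textarea>\n";
}

// Constructed input: a name containing both quote characters, and a comment
// containing the closing tag mentioned in the post plus a non-ASCII letter.
$post = [
    'name'    => "O'Reilly \"Bob\"",
    'comment' => "done </textarea> caf\u{e9} & more",
];

echo render_form($post);

// htmlspecialchars() touches only & < > " ' and leaves the accented letter as
// it is; htmlentities() also rewrites it as a named entity, which plain text
// output does not need.
echo htmlspecialchars("caf\u{e9}", ENT_QUOTES, 'UTF-8'), "\n";
echo htmlentities("caf\u{e9}", ENT_QUOTES, 'UTF-8'), "\n";
```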