Posted by Rik on 06/26/06 18:44

Geoff Berrow wrote:
> Message-ID: <e11b7$449ff207$8259c69c$16278@news1.tudelft.nl> from Rik
> contained the following:
>
>> htmlspecialchars($string);
>>
>> Among others, it will replace '"' with '&quot;'
>
> Don't you need to do this?
>
> htmlspecialchars($string, ENT_QUOTES);

Default is ENT_COMPAT, which only translates double quotes, which would be
sufficient in this particular case. ENT_QUOTES will also translate the
single quotes, which is not strictly neccessary here, but might be a good
idea indeed.

Grtz,
--
Rik Wasmus

[Back to original message]