Posted by Josip Dzolonga on 04/05/05 02:03
Eric Gorr wrote:
> Shouldn't strip_tags be enough? What dangerous/annoying things might
> happen if I replaced htmlentities with strip_tags in the above
> function and then passed the body text to the mail() function?
Nothing, but with htmlentities() you can be sure if the user has tried
to inject something malicious :-).
--
Josip Dzolonga
http://josip.dotgeek.org
jdzolonga[at]gmail.com