Posted: Tue Sep 12, 2006 11:34 pm
Hi,
Does that mean doing something like:
Code:
function ValidateInput($value) {
    $BBCode = array(
        "<b>" => "[b]",
        "</b>" => "[/b]",
        "<u>" => "[u]",
        "</u>" => "[/u]",
    );
    $value = htmlentities($value);
    $value = str_replace(array_keys($BBCode), array_values($BBCode), $value);
    $value = mysql_real_escape_string(trim(strip_tags($value)));
    return $value;
}
adding:
$value = htmlentities($value);
Prior to using string replace on $value?
Thanks
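
Added example, not part of the original post: it runs the steps from ValidateInput() in two orders on a constructed input to show how the position of htmlentities() affects the tag-to-BBCode replacement. The function names encodeFirst and replaceFirst are hypothetical, and the database escaping step is left out so the script runs without a connection.

```php
<?php
// Added example: compares two orderings of the steps in ValidateInput().
// The input string is constructed for illustration.

$BBCode = array(
    "<b>"  => "[b]",
    "</b>" => "[/b]",
    "<u>"  => "[u]",
    "</u>" => "[/u]",
);

// Order from the post: encode, then replace, then strip.
function encodeFirst($value, array $map) {
    $value = htmlentities($value, ENT_QUOTES, 'UTF-8');
    // "<b>" has become "&lt;b&gt;", so the map keys no longer match anything.
    $value = str_replace(array_keys($map), array_values($map), $value);
    // No literal "<" is left, so strip_tags() has nothing to remove either.
    return trim(strip_tags($value));
}

// Alternative order: replace the allowed tags, strip the rest, encode last.
function replaceFirst($value, array $map) {
    // Allowed tags become BBCode while they are still literal markup.
    $value = str_replace(array_keys($map), array_values($map), $value);
    // Any tag that was not in the map is removed here.
    $value = trim(strip_tags($value));
    // Remaining special characters (quotes, ampersands) are encoded last.
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: two allowed tags, one tag outside the map, quotes and "&".
$input = '<b>Hello</b> <i>world</i> <u>"quoted"</u> & more';

echo "encode first:  ", encodeFirst($input, $BBCode), "\n";
echo "replace first: ", replaceFirst($input, $BBCode), "\n";
```

With the encode-first order the allowed tags come out as encoded text and are never converted to BBCode; with the replace-first order they are converted, the tag outside the map is stripped, and the rest is encoded.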