Hello all,

I am having the problem of my form erroring out when quotes and apostrophes are entered into the form field or text area.

What do you think is the best wat to rectify?

form field:
<textarea name="Comments" rows="8" cols="50"><?php echo stripslashes(ereg_replace('"','"',$webinfo31)); ?></textarea>

on confirmation page:
{$webinfo31=htmlspecialchars($_POST['Comments']);}

Will this work or is there a better way?

Thanks,
Matt

You're stripping slashes, you want to addslashes.

<?php echo addslashes($webinfo31); ?>

{$webinfo31=stripslashes($_POST['Comments']);}

Try this.

I have found the php code htmlspecialchars. I really like this as it does what I want on Guestbook comments. However, in other forms, I recommend using the <br> to go to the next line. The problem is that htmlspecialchars put's the data into the datase so that when the data is pulled onto a web page, the data shows the <br> and doesn't break right.

Geez, I have been doing alot of reading on this and you have to worry so much about hacker codes. I want something that works but will not make my database prone to hacking.

Matt

Use mysql_escape_string () before you insert it into the database, then stripslashes () when you get it back out.