>"Chris W. Parker" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]>01.ati.local...
>Torsten Roehr <mailto:[EMAIL PROTECTED]>
>    on Wednesday, June 30, 2004 10:03 AM said:
>
>> 1. get data from DB
>> 2. convert for valid HTML output (stripslashes(), htmlentities())
>> 3. output as HTML (into the form elements)
>> 4. get POST data
>> 5. escape POST data and insert into DB again
>
>two comments:
>
>first comment:
>
>re: #2. why stripslashes()? if you've properly escaped your data before
>the INSERT the slashes should be nonexistent on the way out should they
>not?

Correct. My fault.

>
>second comment:
>
>you forgot #4.5 *validate* data to your specifications

Correct also. But I was focusing on the quote problem ;)

Torsten

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
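
The round trip listed in the thread (steps 1 to 5 plus the #4.5 validation step), as an added example that is not part of the original messages. It assumes PDO with an in-memory SQLite database, a hypothetical `nickname` field and validation rule, and it uses bound parameters in place of manual escaping, which is why no stripslashes() is needed on the way out.

```php
<?php
// Added example with constructed data; PDO + in-memory SQLite is an assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profile (id INTEGER PRIMARY KEY, nickname TEXT NOT NULL)');

// Step 4.5: validate against your own specification.
// Hypothetical rule: string, 1-40 bytes after trimming, no control characters.
function validate_nickname($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $value = trim($raw);
    if ($value === '' || strlen($value) > 40 || preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    return $value;
}

// Step 5: write to the DB. The bound parameter keeps data out of the SQL text.
function save_nickname(PDO $db, int $id, string $nickname): void
{
    $stmt = $db->prepare('INSERT OR REPLACE INTO profile (id, nickname) VALUES (:id, :nickname)');
    $stmt->execute([':id' => $id, ':nickname' => $nickname]);
}

// Step 1: read from the DB.
function load_nickname(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT nickname FROM profile WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

// Steps 2-3: encode for the HTML attribute context only at output time.
function render_form(string $nickname): string
{
    return '<input type="text" name="nickname" value="'
        . htmlentities($nickname, ENT_QUOTES, 'UTF-8') . '">';
}

$post = ['nickname' => 'Tim "The Tool" O\'Neil <b>']; // constructed stand-in for $_POST (step 4)
$nickname = validate_nickname($post['nickname'] ?? null);
if ($nickname === null) {
    exit("invalid nickname\n");
}
save_nickname($db, 1, $nickname);
$stored = load_nickname($db, 1);
var_dump($stored === $nickname); // round-trip check: the stored value carries no added slashes
echo render_form($stored), "\n";
```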