Chris W. Parker wrote:
> Or in a less extreme case, your
> computer gets hijacked and used to send spam because you used
> htmlentities() instead of strip_tags().

Well, this is why I asked the question to begin with. I am concerned (as everyone _should_ be) about such things and desire to do my best to prevent them.


Now, as near as I can tell, strip_tags is the only thing one really needs to do to be safe.

But one can use htmlentities to potentially preserve useful text, if it is important to do so, and still remain safe, with the downside being a messier body than may be necessary.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


