> Thinking a little deeper here, you say you are concerned about the character > type, yet you say that it is all assumed UTF-8. Is everything going to be > UTF-8 > or something else? > > If it is all going to be UTF-8, then the addcslashes() variation above will > work. >
It _should_ all be UTF-8 but I suppose that it is possible for someone to spoof a non-UTF-8 POST request. I do not want to take the development of a secure function into my own hands. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
