It took me a lot of trial and error to get text from an HTML form into MySQL to
account for quotation marks being entered. I came up with the following. It
works fine but I was wondering if this is the best way. Here are the relevant
snippets:
1) User enters data via post.html:
<form method="POST" action="post_confirm.php" name="form">
<textarea NAME="comments" ROWS=4 COLS=60 onkeyup="textLimit(comments,
800);"></TEXTAREA>
<input type="submit" name="Submit2" value="Submit" onClick="return
validate(form)" >
</form>
2) User is presented with the confirmation form post_confirm.php:
Strips HTML tags, and displays without the slashes that PHP puts in:
<?php $comments=stripslashes(strip_tags($_POST['comments'])); ?>
Displays the user comments:
<?php echo $comments; ?>
If ok, user sends it to be posted:
<form method="POST" action="postnotice.php">
<input type="hidden" name="comments" value="<?php echo
htmlspecialchars($comments, ENT_QUOTES); ?>">
</form>
3) Stuff is posted in MySQL via postnotice form:
<?php $comments=addslashes($_POST['comments']); ?>
Better way or OK?
TIA -
jon
--
jwayne@_myrealbox_no_spam.com
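
Added example, not part of the original post: the same three-step flow with the raw text carried through unchanged, encoded with htmlspecialchars() only where it is written into HTML, and stored through a bound PDO parameter instead of addslashes(). The function names, the notices table and the in-memory SQLite database (a stand-in for MySQL so the block runs offline) are assumptions.

```php
<?php
// Added example. Assumptions: confirm_html(), store_comment(), the notices
// table and the SQLite DSN are hypothetical; for MySQL, swap in a
// 'mysql:host=...;dbname=...' DSN and keep the rest as is.

// Step 2: build the confirmation page. The raw text is encoded at output time.
function confirm_html(string $raw): string
{
    // ENT_QUOTES encodes both ' and ", so the same value is safe as element
    // text and inside the quoted value="..." attribute of the hidden field.
    $safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return "<p>$safe</p>\n"
         . "<form method=\"POST\" action=\"postnotice.php\">\n"
         . "<input type=\"hidden\" name=\"comments\" value=\"$safe\">\n"
         . "<input type=\"submit\" value=\"Post\">\n"
         . "</form>\n";
}

// Step 3: store the text. The hidden field comes back from the browser, so it
// is untrusted input again and is validated here, not only in JavaScript.
function store_comment(PDO $db, string $raw): int
{
    // Server-side copy of the form's 800 limit (strlen counts bytes).
    if (strlen($raw) > 800) {
        throw new InvalidArgumentException('comment too long');
    }
    // The bound parameter keeps data out of the SQL text: no addslashes().
    $stmt = $db->prepare('INSERT INTO notices (comments) VALUES (:c)');
    $stmt->execute([':c' => $raw]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notices (id INTEGER PRIMARY KEY, comments TEXT)');

// Constructed sample input with both quote types, a tag and a backslash.
$raw = "O'Reilly said \"hi\" <b>bold</b> \\ backslash";

echo confirm_html($raw);

// Insert, read back, and compare the stored text with the input.
$id = store_comment($db, $raw);
$q = $db->prepare('SELECT comments FROM notices WHERE id = ?');
$q->execute([$id]);
var_dump($q->fetchColumn() === $raw);
```

The "slashes that PHP puts in" come from magic_quotes_gpc, which was removed in PHP 5.4, so on current PHP versions there is nothing to strip before display or storage.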