It took me a lot of trial and error to get text from an HTML form into MySQL to
account for quotation marks being entered. I came up with the following. It
works fine but I was wondering if this is the best way. Here are the relevant
snippets:
1) User enters data via post.html:
<form method="POST" action="post_confirm.php" name="form">
<textarea NAME="comments" ROWS=4 COLS=60 onkeyup="textLimit(comments, 800);"></TEXTAREA>
<input type="submit" name="Submit2" value="Submit" onClick="return validate(form)">
</form>
2) User is presented with the confirmation form post_confirm.php:
Strips html tags, and displays without the slashes that PHP puts in:
<?php $comments=stripslashes(strip_tags($_POST['comments'])); ?>
Displays the user comments:
<?php echo $comments; ?>
If ok, user sends it to be posted:
<form method="POST" action="postnotice.php">
<input type="hidden" name="comments" value="<?php echo htmlspecialchars($comments, ENT_QUOTES ); ?>">
</form>
3) Stuff is posted in MySQL via postnotice form:
<?php $comments=addslashes($_POST['comments']); ?>
Better way or OK?
TIA -
jon
--
jwayne@_myrealbox_no_spam.com
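
The three steps above, as an added example that is not part of the original post: the text is escaped for HTML only at output and stored through a PDO prepared statement instead of addslashes(). The table name notices, the helper names, and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example, not the poster's code. Assumed names: table "notices", helpers
// clean_comment(), h(), store_comment(). For MySQL only the PDO DSN changes.
declare(strict_types=1);
const MAX_LEN = 800; // same limit post.html enforces with textLimit()

// Step 2: validate server-side; the client-side limit and validate() can be bypassed.
function clean_comment(string $raw): string
{
    $text = trim(strip_tags($raw));
    if ($text === '' || strlen($text) > MAX_LEN) {
        throw new InvalidArgumentException('comment empty or too long');
    }
    return $text;
}

// Escape for HTML only when writing into a page or an attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Step 3: bound parameter, so quotes in the text never become part of the SQL.
function store_comment(PDO $db, string $comment): int
{
    $stmt = $db->prepare('INSERT INTO notices (comments) VALUES (:comments)');
    $stmt->execute([':comments' => $comment]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:'); // assumption: stand-in for the MySQL connection
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notices (id INTEGER PRIMARY KEY, comments TEXT)');

// Constructed sample input with both quote types and a tag.
$posted = 'He said "it\'s <b>fine</b>"';

// post_confirm.php: show the text and carry it forward in the hidden field.
$comment = clean_comment($posted);
echo '<input type="hidden" name="comments" value="' . h($comment) . "\">\n";

// postnotice.php: the hidden field is client-controlled, so clean it again.
$id = store_comment($db, clean_comment($comment));

// Read the row back and confirm the quotes survived unchanged.
$check = $db->prepare('SELECT comments FROM notices WHERE id = ?');
$check->execute([$id]);
if ($check->fetchColumn() !== $comment) {
    throw new RuntimeException('stored text differs from the submitted text');
}
```

The stripslashes() call in step 2 was only needed while PHP's magic quotes setting added slashes to $_POST; that setting was removed in PHP 5.4, so the example works on the raw value.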