On Mon, Jun 30, 2003 at 18:22:59 -0400,
Jeff <jam(at)zoidtechnologies(dot)com> wrote:
>
> also, I would suggest running each of the variables through a function that
> strips out html tags (since you don't really care about allowing them in
> this case, right?).. you can do that with strip_tags.. see
> http://php.net/strip_tags
Wouldn't it be better to replace <, >, " and & with <, >, " and
&, resprectively since those characters could legitimately appear
in at least some of those strings?