You should always allow for spurious or unusual user input that may go into forms and databases. How PHP is configured on the server affects how you need to manage this, but *always* escape special characters. If magic_quotes are ON, this might have been automatically done for you.

The following is a working example in use from the contact page:

```php
$email = htmlspecialchars(stripslashes($_POST['email']));
```

The sections to read up on, in conjunction with your
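An added example (not the contact page's own code) that generalizes the line above: it strips slashes only when magic quotes are actually active, validates the address, stores it through a bound query parameter, and escapes on HTML output. The function names, the `contacts` table and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
// Added example; the sample values below are constructed.

// Return the value as the user typed it. Slashes are stripped only when
// magic_quotes_gpc actually added them (possible before PHP 5.4 only).
// No PHP 7 syntax is used, so the legacy branch stays reachable.
function raw_value($value)
{
    $magic = PHP_VERSION_ID < 50400
        && function_exists('get_magic_quotes_gpc')
        && get_magic_quotes_gpc();
    return $magic ? stripslashes($value) : $value;
}

// Escape at the point of HTML output, covering both quote styles.
function html($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Validate, then store the raw value through a bound parameter.
function save_email(PDO $db, $posted)
{
    $email = filter_var(trim(raw_value($posted)), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO contacts (email) VALUES (:email)');
    $stmt->execute(array(':email' => $email));
    return $email;
}

// Constructed demo: in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (email TEXT NOT NULL)');

$samples = array(
    "o'brien@example.com",   // apostrophe in the local part
    '<b>bold</b>',           // markup instead of an address
    'not an address',
);
foreach ($samples as $posted) {
    $saved = save_email($db, $posted);
    echo html($posted), ' => ', $saved === false ? 'rejected' : 'stored', "\n";
}
```

Calling `stripslashes()` when magic quotes are off removes backslashes the user really typed, which is why the check in `raw_value()` comes first.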