Text input from a form

fabiuz

Hi,

may be it is a stupid question, I am gettind data into a db from a html form.

Before insert I am filtering data with:

$text = wordwrap($text, 80);
$text = htmlentities($text);

and sometimes I see that characters are converted into:

…

what is that ?

Typed into a html page is like ... but I cannot repeat the problem by typing such data in the form .... mistery ?!

Should I remove htmlentities and use it only to get out data from table ?

thanks

roger20

You only format the data when you come to present it, so save the data in the db as 'data' (as entered by the user).

Not sure why you need to wordwrap since the users browser will wrap the text into the available area. htmlspecialchars() or htmlentities() is a must though.

Also, for information take a look in the manual at magic_quotes, although the default php installation will take care of things like quotes and slashes (by magic!).

--
R