Hi All,
Usually I do an HTML_special_chars() / HTML_entities() encoding/decoding on my user input.
Now I am using a pre-built JavaScript, which messes up my vars, so I cannot use it (unless I want to figure out 1000+ lines of JavaScript). I was wondering: how much damage can still be done if I do this before entering the data into the database? I have the feeling that the addslashes will prevent all options to do an SQL insert?
    // Adds slashes to variables submitted by the user, unless magic quotes already did so
    function encode($text)
    {
        if (!get_magic_quotes_gpc())
        {
            $uittext = addslashes($text);
        }
        else
        {
            $uittext = $text;
        }
        return $uittext;
    }
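
Added example, not part of the original post: it puts string building with `addslashes()` beside a bound parameter, and shows HTML encoding applied at output time instead of before storage. It assumes PDO with the SQLite driver; the `notes` table, its columns and all input values are constructed for the illustration.

```php
<?php
// Added example (not the poster's code). Table, columns and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, owner INTEGER, body TEXT)');
$pdo->exec("INSERT INTO notes (owner, body) VALUES (1, 'alice note'), (2, 'bob note')");

// Constructed input with no quote, backslash or NUL byte:
// addslashes() has nothing to escape and returns it unchanged.
$owner = '1 OR 1=1';
echo 'addslashes changed the value: ';
var_dump(addslashes($owner) !== $owner);

// Weak: the "escaped" value is concatenated into an unquoted numeric position,
// so the database still parses it as part of the SQL text.
$weak = $pdo->query('SELECT body FROM notes WHERE owner = ' . addslashes($owner));
echo 'string building matched rows: ', count($weak->fetchAll()), "\n";

// Hardened: the value is bound as data and never parsed as SQL.
$stmt = $pdo->prepare('SELECT body FROM notes WHERE owner = :owner');
$stmt->execute([':owner' => $owner]);
echo 'bound parameter matched rows: ', count($stmt->fetchAll()), "\n";

// Stricter still: reject anything that is not an integer before it reaches the query.
$ownerId = filter_var($owner, FILTER_VALIDATE_INT);
echo 'input accepted as integer: ';
var_dump($ownerId !== false);

// Text with quotes and markup is stored verbatim through a bound parameter;
// no addslashes() is needed and no stray backslashes end up in the data.
$body = "It's <b>bold</b> & \"quoted\"";
$ins = $pdo->prepare('INSERT INTO notes (owner, body) VALUES (:owner, :body)');
$ins->execute([':owner' => 1, ':body' => $body]);

$sel = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
$sel->execute([':id' => $pdo->lastInsertId()]);
$stored = $sel->fetchColumn();
echo 'stored unchanged: ';
var_dump($stored === $body);

// HTML encoding belongs at output time, for the HTML context it is printed into.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```

`get_magic_quotes_gpc()` was deprecated in PHP 7.4 and removed in PHP 8.0, so the `encode()` function above raises a fatal error on current PHP versions.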