orange08
Posted June 18, 2009

In my case, I'll save the user input from a form into the database without using htmlentities() on the input. Then, when the data is being displayed, I only display it with htmlentities()...

But then I'm thinking about one problem... In my form, for each of the fields, I'll echo the user input in a session variable, so that when the user returns to the page again (due to a validation check), the user doesn't need to re-enter all the fields again.

So, in this case, should I use htmlentities() for displaying my session variable or not?

e.g.

<input name="title" value="<?php if(!empty($_SESSION['title']))echo $_SESSION['title']; ?>">

The above code is within a form...
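The form field from the post, rendered with and without output escaping, as an added example that is not part of the original post. `field_value()` and `render_input()` are hypothetical helper names, and the sample title is constructed.

```php
<?php
// Added example, not code from the original post. Runs under the PHP CLI.
// field_value() and render_input() are hypothetical helpers for illustration.

/** Return a stored value escaped for use inside a quoted HTML attribute. */
function field_value(array $store, string $key): string
{
    $raw = $store[$key] ?? '';
    if (!is_string($raw)) {
        // A field submitted as title[]=x arrives as an array; treat it as empty.
        return '';
    }
    // ENT_QUOTES encodes both " and ', so the result is safe whichever quote
    // style the attribute uses. ENT_SUBSTITUTE replaces invalid UTF-8 bytes
    // instead of making the whole result an empty string.
    return htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the input tag; $value is written into the attribute exactly as given. */
function render_input(string $name, string $value): string
{
    return '<input name="' . $name . '" value="' . $value . '">';
}

// Constructed sample: stands in for $_SESSION after a failed validation check.
$session = ['title' => 'He said "hi" & left <b>early</b>'];

// As in the post: the raw session value goes straight into the attribute.
// The first " in the data closes value="..." and the rest is parsed as markup.
$unescaped = render_input('title', $session['title']);

// Escaped at output time, the same rule already applied to database values.
$escaped = render_input('title', field_value($session, 'title'));

echo "unescaped: ", $unescaped, PHP_EOL;
echo "escaped:   ", $escaped, PHP_EOL;

// Browsers decode entities in attribute values, so the user sees and resubmits
// the original text and the database still receives unencoded data.
$roundTrip = html_entity_decode(field_value($session, 'title'), ENT_QUOTES, 'UTF-8');
echo "round trip preserves input: ", var_export($roundTrip === $session['title'], true), PHP_EOL;
```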