woopwoop

Thanks skinner.

I've been working with addslashes instead of preg_replace() to put a string as a page title.

This outputs the Japanese without any issue now that my earlier encoding problem is fixed. I wondered if addslashes is enough in this case?

I think that the worst that can happen is that the title may appear as
if there are single or double quotes used (which I can live with)

I tried htmlentities and mysql_real_escape_string but both gave errors in the title when using Japanese. But addslashes seemed fine - as long as it's safe.

These are all functions that I've used a few times in websites but I'd never really carried out a full security check.

__________________
Connect with me @ TW:LI:FB | MyWeb | D/L domains4sale | Morecambe London Student Forums Student Books UK promotions agencies

Skinner

Add Slashes will stop most Injection Methods, real escape is just a more SQL geared method.

Even if you ran all 3 and a replacement, you can't say its safe as someone will find a way if they really want to, so just take basic steps

I personally use htmlentities only where allowing html input by anyone other than me, I use real escape or add slashes for none-html code.

__________________
Browse: