[eluser]rip_pit[/eluser]
[quote author="darrenm" date="1265932448"]
As a workaround, I've introduced a new function:
Code:
function fix_form_prep($str) {
    $find = array('&amp;','&quot;','&#039;','&#039;','&gt','&lt');
    $replace = array('&','"',"'","'",'>', '<');
    return str_replace($find,$replace,$str);
}
I then call this after the offending htmlspecialchars in form_prep
Code:
$str = htmlspecialchars($str);
$str = fix_form_prep($str);
This is working, but it lacks elegance for me - there must be a better way?
NOTE: the encoding on this forum has scrambled the above function a bit, but you should get the idea.[/quote]
I found a little bug in that function.
Line: ,'&#039;','&gt','&lt'
should be: ,'&#039;','&gt;','&lt;'
I also had to add a new key, '&#39;', without the leading zero, to be converted.
Here's the function including these fixes:
Code:
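// Maps the entities produced by htmlspecialchars() back to their literal characters.
function fix_form_prep($str) {
    // '&gt;' and '&lt;' now carry their trailing semicolons; '&#39;' covers the form without the leading zero.
    $find = array('&amp;','&quot;','&#039;','&#039;','&gt;','&lt;','&#39;');
    $replace = array('&','"',"'","'",'>', '<',"'");
    return str_replace($find,$replace,$str);
}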
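
An added example, not part of the original posts: it compares the decode-after-escape workaround above with escaping once via the `double_encode` argument of `htmlspecialchars()` (fourth parameter, PHP 5.2.3+), and reports whether each result still carries a raw quote or angle bracket that would be unsafe inside `value="..."`. The name `form_prep_no_double` and the sample strings are assumptions made for the illustration.

```php
<?php
// Added example. fix_form_prep() is the function from the post above;
// form_prep_no_double() is a hypothetical name for the alternative.

function fix_form_prep($str) {
    $find    = array('&amp;', '&quot;', '&#039;', '&gt;', '&lt;', '&#39;');
    $replace = array('&', '"', "'", '>', '<', "'");
    return str_replace($find, $replace, $str);
}

// Escape once: with double_encode = false (4th argument), entities already
// present in $str are left alone, so nothing needs to be decoded afterwards.
function form_prep_no_double($str) {
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8', false);
}

// Constructed sample values.
$samples = array(
    'already escaped' => 'Tom &amp; Jerry',
    'raw user input'  => 'say "hi" <b>now</b>',
);

foreach ($samples as $label => $value) {
    $plain  = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    $undone = fix_form_prep($plain);
    $once   = form_prep_no_double($value);

    echo "== $label ==\n";
    echo "htmlspecialchars only : $plain\n";
    echo "then fix_form_prep    : $undone\n";
    echo "double_encode = false : $once\n";

    // A value is only safe inside value="..." if no raw quote or angle
    // bracket survives; report which variant still carries one.
    foreach (array('fix_form_prep' => $undone, 'double_encode=false' => $once) as $name => $out) {
        $raw = (strpbrk($out, '"<>\'') !== false) ? 'raw " < > or \' present' : 'fully escaped';
        echo "  $name: $raw\n";
    }
}
```

With `double_encode` set to false, text in which a user literally typed an entity such as `&amp;` is displayed as `&`, which is the trade-off for not re-encoding values that were already escaped.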