Miguel Gea Milvaques <xerakko@debian.org> writes:

> function sanitizeString($string) { > $string = str_replace("'", "", $string); > + $string = str_replace("--", "", $string); > $string = str_replace("<", "", $string); > $string = str_replace(">", "", $string); > $string = str_replace("/*", "", $string); > $string = str_replace("*/", "", $string); > $string = str_replace("\"", "", $string); > - $string = str_replace("--", "", $string);

[Patch is reversed]

Erm, this isn't really a fix. You still get one of the replaced character combinations if you use '\--'. Wouldn't it be more reasonable to replace these things with an escaped version?

Marc
--
Computer science terms - simply explained 69: WWW World Wide Windows
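Review bot: moving the str_replace("--", "", $string) line within sanitizeString() only changes which inputs end up containing a listed sequence, it does not remove the underlying problem. Every call deletes text, so a later deletion can join the characters on either side of it into a sequence that an earlier call has already looked for and will not look for again. With "--" handled right after the single quote, a later removal of "/*" or "*/" can leave "--" behind; with "--" handled last, its own removal can leave "/*" or "*/" behind. The function also has no comment saying that the order of the calls matters, so the next reordering can bring the old behaviour back unnoticed. I would rather see the value escaped for the context it is used in, as the reply suggests, than have sequences deleted; if deletion has to stay, repeat the whole pass until the string stops changing and document that in the function.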
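Added example, not part of the original message or of the patched project's code: the removal pass quoted above, run with the "--" step in either position over two constructed inputs, followed by a bound-parameter insert as one alternative to stripping (a swapped-in technique, not the escaping proposed in the reply). The names stripTokens and survivors, the notes table, the availability of pdo_sqlite, and the idea that the value ends up in an SQL statement are assumptions of this example.

```php
<?php
// Token lists mirror the str_replace() calls quoted in the message above.
const ORDER_A = ["'", "--", "<", ">", "/*", "*/", "\""]; // "--" second
const ORDER_B = ["'", "<", ">", "/*", "*/", "\"", "--"]; // "--" last

// Same single-pass removal as sanitizeString(), with the order as a parameter.
function stripTokens(string $s, array $order): string {
    foreach ($order as $token) {
        $s = str_replace($token, "", $s);
    }
    return $s;
}

// Listed tokens that are still present in the sanitized result.
function survivors(string $s, array $order): array {
    return array_values(array_filter($order, fn($t) => strpos($s, $t) !== false));
}

// Constructed inputs: deleting one token joins its neighbours into another.
$samples = ["-/*-", "/--*"];
foreach (["A" => ORDER_A, "B" => ORDER_B] as $name => $order) {
    foreach ($samples as $in) {
        $out  = stripTokens($in, $order);
        $left = implode(" ", survivors($out, $order)) ?: "none";
        printf("order %s: %-5s -> %-5s still present: %s\n",
            $name, $in, var_export($out, true), $left);
    }
}

// Alternative with no token list at all: keep the value out of the SQL text.
// Assumption: pdo_sqlite is installed; the notes table is hypothetical.
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE notes (body TEXT)");
$stmt = $db->prepare("INSERT INTO notes (body) VALUES (?)");
foreach ($samples as $in) {
    $stmt->execute([$in]); // bound as data, never parsed as SQL
}
foreach ($db->query("SELECT body FROM notes") as $row) {
    echo "stored unchanged: ", $row["body"], "\n";
}
```

Each ordering lets one of the two inputs through with a listed sequence intact, which is why reordering the calls cannot be the whole fix.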