[Ryan Bailey]

Hi there,

I have tried to replicate the PHP validation forms from examples 11-10 and 17.3 however in both cases the programs are allowing me to enter characters such as "> , < , / " and are then outputting these characters in the results.

I'm also slightly confused by example 11-10 which used the code from example 11-9, does $var simply relate to any variable in the POST array? The variable $var only appears in the sanitizeString function and nowhere else in the program.

Thanks in advance to anyone that can help.

Ryan

[Ryan Bailey]

I think i've "solved" my problem. The result i'm getting is exactly how it should be. HTML entities does not strip out HTML entity characters in the same way that stripslashes does it just alters them so they are not interpreted as html code. If the function had not worked then in my output would have been a URL instead of just the text I entered. Also by viewing the source code of the page I am able to see that the function has worked.

I only write this response just in case anyone else was a stupid as me... )

I'm still not sure about end of example 11-10 though:

function sanitizeString($var)
{
$var = stripslashes($var);
$var = htmlentities($var);
$var = strip_tags($var);
}

I guess $var represents any variable that is passed to the function but is $var a special term