Pete wrote
Yes I'm fine thanks I have been very busy, and you?
I am currently very busy (I'm working on an economic draft... at 3:30 am!)
Why is 'htmlspecialchars' used for field editing?
That's the question! The problem is to suppress the double quotes in the
value statement of an html input tag, but using the 'htmlspecialchars'
function here is not the solution: urlencode is far better (of course you
have to urldecode that string in the script it has been passed to).
[About Benjamin Gandon's message]
------ Fwd ------
The current version (in lib.inc.php3 1.56) is exactly mine
(without my comments though :)) except one line that was added
and that introduces a bug:
if($last_char == $in_string && $char == ")") $in_string = false;
The bug appears if you try to exec 2 SQL queries like that
(from an uploaded file or directly in the query field because
both are handled by the same code):
INSERT INTO foo(id, text) VALUES ('1', 'I\'m sure that \')# will cause a bug');
INSERT INTO foo(id, text) VALUES ('2',
'Indeed \'); that\'s the case');
Have fun ;)
Loïc
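Added example, not part of the original message and not phpMyAdmin's own code: a minimal query splitter in which only an unescaped matching quote ends a string, so the character after the quote never matters. The function name splitSqlQueries() is hypothetical, and the sample input is the two statements from the message, typed on one line each.

```php
<?php
// Added illustration; splitSqlQueries() is a hypothetical name, not a phpMyAdmin function.
function splitSqlQueries(string $sql): array
{
    $queries  = [];
    $current  = '';
    $inString = false;   // false, or the quote character that opened the string
    $len      = strlen($sql);

    for ($i = 0; $i < $len; $i++) {
        $char = $sql[$i];
        if ($inString !== false) {
            $current .= $char;
            if ($char === '\\' && $i + 1 < $len) {
                // Backslash escape: copy the next byte verbatim, so \' cannot close the string.
                $current .= $sql[++$i];
            } elseif ($char === $inString) {
                // Only an unescaped matching quote ends the string ('' closes and reopens it).
                $inString = false;
            }
            continue;
        }
        if ($char === "'" || $char === '"') {
            $inString = $char;
            $current .= $char;
        } elseif ($char === '#') {
            // Outside a string, '#' starts a comment that runs to the end of the line.
            $eol = strpos($sql, "\n", $i);
            $i = ($eol === false) ? $len : $eol - 1;
        } elseif ($char === ';') {
            if (trim($current) !== '') $queries[] = trim($current);
            $current = '';
        } else {
            $current .= $char;
        }
    }
    if (trim($current) !== '') $queries[] = trim($current);
    return $queries;
}

// Constructed sample: the two statements quoted in the message above.
$sample = <<<'SQL'
INSERT INTO foo(id, text) VALUES ('1', 'I\'m sure that \')# will cause a bug');
INSERT INTO foo(id, text) VALUES ('2', 'Indeed \'); that\'s the case');
SQL;

foreach (splitSqlQueries($sample) as $n => $query) {
    echo ($n + 1) . ": $query\n";
}
```

Both statements come back whole: the `#` and `;` that follow an escaped quote stay inside their string literals instead of being read as a comment start or a statement terminator.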