When I'm retrieving data from a mysql database that is to be put into javascript (say an alert or document.write),if it's from a user inputed string I use addslashes to avoid causing any problems in the javascript.
Is there any method for escaping user created characters retrieved from a database that is to be included in HTML? My particular problem at the moment is apostrophes and double quotes. Addslashes deals with them in javascript, but obviously not in HTML.
I've done a search of the PHP functions in the manual with the word HTML to see if I could track anything down but I haven't found anything useful.
Can anyone help me out?
Is there any method for escaping user created characters retrieved from a database that is to be included in HTML? My particular problem at the moment is apostrophes and double quotes. Addslashes deals with them in javascript, but obviously not in HTML.
I've done a search of the PHP functions in the manual with the word HTML to see if I could track anything down but I haven't found anything useful.
Can anyone help me out?