- Use stripslashes to remove any backslashes (\) added by the PHP server (its "magic quotes" escaping of request data).
- Use htmlspecialchars so that special characters in the input are shown as text instead of being interpreted as HTML tags.
<?php
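// Read the two form fields, undo magic-quotes escaping where it exists, and
// build HTML-escaped copies ($yourname, $yournationality) for output.

// Magic quotes (automatic backslash-escaping of request data) were removed in
// PHP 5.4. Strip slashes only where they can actually have been added;
// stripping unconditionally deletes backslashes the user really typed.
$magicquotes = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();

// Quote the array keys: a bare word such as you is read as a constant, which
// is a fatal error on PHP 8. Fall back to '' when the field is missing (first
// page load) or is not a plain string (e.g. sent as you[]=...).
$yname = (isset($_REQUEST['you']) && is_string($_REQUEST['you'])) ? $_REQUEST['you'] : '';
$ynationality = (isset($_REQUEST['nationality']) && is_string($_REQUEST['nationality'])) ? $_REQUEST['nationality'] : '';

if ($magicquotes) {
    $yname = stripslashes($yname);
    $ynationality = stripslashes($ynationality);
}

// Escape once, here, and print only the escaped copies. With its default
// flags htmlspecialchars escapes &, <, > and " - enough for element text and
// for the double-quoted value="..." attributes of the form. Pass ENT_QUOTES as
// well if a value is ever placed inside a single-quoted attribute.
$yourname = htmlspecialchars($yname);
$yournationality = htmlspecialchars($ynationality);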
?>
<html>
<head>
<title>This is an IO demo</title>
</head>
<body bgcolor=#88CCFF>
<h1>Input and Output</h1>
<table>
<form>
<tr><td>Please enter your name <td><input name = you value="<?= $yourname ?>">
<tr><td>Please enter your nationality <td><input name = nationality value="<?= $yournationality ?>">
<input type=submit>
</form>
</table>
<hr>
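<?php
// Echo the previous submission back to the user, if there was one.
//
// Full opening tag: the short form is only recognised when short_open_tag is
// enabled; where it is off, this block would be sent to the browser as text
// instead of being executed.
//
// $yourname and $yournationality were already passed through htmlspecialchars
// at the top of the file, so they can be interpolated into the markup below.
// Never print the raw $_REQUEST values here.
//
// Compare against '' instead of testing truthiness, so that an entry of "0"
// still counts as an entry.
if (isset($yourname) && $yourname !== ''){
print <<<END
Previous entry:<br>
<ul>
<li>name: $yourname <br>
<li>nationality: $yournationality <br>
</ul>
END;
}
?>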
</body>
</html>
--
PeterJones - 08 Nov 2006