(02-26-2014, 07:03 AM)icedlava Wrote: Hi Tim
(02-26-2014, 06:08 AM)Forums Wrote: This is due to the account description being incorrectly encoded for HTML special characters on line 321. Removing this should allow it to be saved and viewed correctly. Line 321 changes from:
htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8'),
to
$myrow[1],
Actually this is incorrect.
Line 321 is correct - you should always do this before displaying data as HTML.
Then I bow to your superior knowledge :-)
I had always understood that once the data had been "sanitised" it didn't need to be "re-sanitised" but I am just going off a few text books rather than any in depth knowledge.
Tim