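$v) { $v = htmlspecialchars($v); //echo "$v
"; $v = mysql_escape_string($v); //echo "$v
"; // $v = htmlentities($v); //echo "$v
"; // if (preg_match('/([\'"`\'])/', $v, $match)) if (preg_match('/([\"`])/', $v, $match)) { print "sorry get has illegal char '$match[1]'"; exit; } $$k = $v; }

// Copy each POST field into a variable named after the field, after
// HTML-encoding it, SQL-escaping it and rejecting leftover quote characters.
//
// NOTE(review): `$$k = $v` lets the client choose which variable is written.
// The name guard below only stops a request from targeting PHP's own request
// and session arrays (which `$$k` may reach when this runs at file scope).
// Any variable the including script defined earlier can still be overwritten.
// The durable fix is to read an explicit list of expected field names instead
// of importing everything. The loop that ends just above (its header is not
// visible here) finishes with the same `$$k = $v` and needs the same guard.
foreach ($_POST as $k => $v) {
    $k = (string) $k;
    $reservedName = in_array(
        $k,
        array(
            'GLOBALS', '_GET', '_POST', '_COOKIE', '_FILES',
            '_SERVER', '_ENV', '_REQUEST', '_SESSION', 'this',
        ),
        true
    );
    if ($reservedName || !preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $k)) {
        // The rejected name is raw client input, so it is not echoed back.
        print "sorry post has illegal name";
        exit;
    }

    // NOTE(review): encoding for HTML at input time means every later use of
    // the imported variable sees the encoded form; encode at output instead.
    $v = htmlspecialchars($v);

    // NOTE(review): mysql_escape_string() ignores the connection character set
    // and was removed in PHP 7.0. Bound parameters (mysqli or PDO prepared
    // statements) at the query site are the replacement, not another escaper.
    $v = mysql_escape_string($v);

    // Deny-list check on the already-escaped value: any remaining quote or
    // backtick aborts the request.
    if (preg_match('/([\'"`\'])/', $v, $match)) {
        print "sorry post has illegal char '$match[1]'";
        exit;
    }

    $$k = $v;
}
?>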