sqlite_escape_string() does not catch all HTML characters that may
conflict with a browser display. Notice the difference with the
custom routine below
<?php
$str = "Advoid! /slashes\, 'single' and these <too>";
$str = sqlite_escape_string($str);
echo "<br>$str<br>";
$str = "Advoid! /slashes\, 'single' and these <too>";
$str = clean($str);
echo "<br>$str<br>";
function clean($str) {
$search = array('&' , '"' , "'" , '<' , '>' );
$replace = array('&', '"', ''', '<', '>' );
$str = str_replace($search, $replace, $str);
return $str;
}
?>
Output:
Advoid! /slashes\, "single" and these
Advoid! /slashes\, 'single' and these <too>