the Problem is that the edit box does it's own conversion.
When a user put's " < " into an edit box, if you just
put it back the same into the edit box it will show as " < ",
so you encode it as " < " and then it show's as
" < " exactly as the user typed it, fine.
When the user now submits the form again it, if you get
" < " you can not tell if the user
did nothing or if the user manually changed it to " < "
in the first case you don't want to reconvert it in the second
<input type="text" size=60 maxlength=60 name="title" value=" < ">
shows as "<";
Edit Boxes should not do any coversion and just show what
is in the string.
At 10:53 11/02/2000 -0500, you wrote:
>On Fri, 11 Feb 2000, Jeff Sinclair wrote:
>> Hi Edward,
>> Nice Idea but what if the user put's in "&"
>> you can't tell the difference between that and what came
>> out of the database. So if you convert it when going into the
>> database you get "&" and then "&amp" etc
>Um, isn't the the behaviour you want? Just keep tabs on whether it is
>encoded or not. It's kinda like dealing with URIs.
>Russell O'Connor roconnor@...
>``Paradoxically, a refusal to `put a monetary value on life' means that
>life is often undervalued.'' -- Artificial Intelligence: A Modern Approach