Hey,
I have this function to clean data upon writing to the database…
function ValidateInput($value) {
$value = mysql_real_escape_string(strip_tags(trim($value)));
return $value;
}
Someone has managed to insert a peice of javascript with the above function wraped around the variable? Have I missed something?
Thanks