- Code, Content, and Presentation
-- PHP Server Side Scripting
---- PHP Variable Substitution Tricks
- 9:40 pm on Nov 14, 2011
It should generally be the very last variable name to be processed so someone cannot insert one of your variables into their comment.
That's why I religiously process all user content through strip_tags() which cleans out any embedded HTML and PHP tags, plus some MySQL stripping as well.
Brought to you by