Hello,
We have come across an issue using PHP/MySQL that most people may not be aware of.
When a user fills in a PHP form on a website hosting, they can add some JavaScript code in a field and save the form. If this code is not converted/encoded and neutralised before it is saved, then when the data is viewed, it can execute and cause a real nuisance.
Unfortunately, we found this when it was too late.
This is just a consideration to bear in mind when building forms.
Cheers,
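
The behaviour described above, as an added example that is not part of the original post: a form value containing script markup is stored, then rendered once as-is and once HTML-encoded with `htmlspecialchars()`. The table name, field names, helper functions and the sample input are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Assumption: SQLite in memory replaces MySQL here; the PDO calls are the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample of what a visitor might type into the form fields.
$submitted = [
    ':author' => 'visitor',
    ':body'   => '<script>alert(1)</script> Nice site!',
];

// A prepared statement keeps the value from altering the SQL,
// but the markup is still stored exactly as typed.
$stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$stmt->execute($submitted);

// Unsafe: stored text is dropped straight into the page, so the
// browser parses the <script> element and runs it for every viewer.
function render_unsafe(array $row): string
{
    return "<p><b>{$row['author']}</b>: {$row['body']}</p>";
}

// Encode the characters HTML treats as markup (< > & " ').
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Safe: every stored value is encoded before it reaches the page,
// so the browser displays the text instead of executing it.
function render_safe(array $row): string
{
    return '<p><b>' . e($row['author']) . '</b>: ' . e($row['body']) . '</p>';
}

$rows = $pdo->query('SELECT author, body FROM comments', PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    echo 'unsafe: ', render_unsafe($row), PHP_EOL;
    echo 'safe:   ', render_safe($row), PHP_EOL;
}
```

Run it with `php` on the command line and compare the two output lines: only the second one has the angle brackets converted to entities.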