All strings are sprintf & mysql_real_escape_string before making it into any SQL - so that wouldn't be necessary.
Perhaps we just drop the html entities?
All strings are sprintf & mysql_real_ escape_ string before making it into any
SQL - so that wouldn't be necessary.
Perhaps we just drop the html entities?