07.06.2010, 15:27, "Michael Tiernan" <mtiernan@xxxxxxx>:
> On 6/5/10 8:39 AM, Denis Ovsienko wrote:
>
>> interpreted as a part of the so called "prepared statement" syntax
>
> I'm still looking through the code to try and identify the culprit.
>
> Just to make sure, is the text in the comment box being processed by
> "PDO::quote()" before it is stored?

No it is not, because HTML escaping already escapes both types of quotes in the text.

-- 
Denis Ovsienko