I think I know what you mean, and yes, this would be correct, as allowing it to be redone into HTML could render you open to XSS (cross-site scripting) attacks.
I think this would be the way to go: in reviews.php, add the line in bold, which just translates quotes and that's all.
if ( VB35 == "on" ) $ereviews = htmlspecialchars($ereviews);
else $ereviews = htmlspecialchars(convert_markups($ereviews));
// added line: translate double quotes into the &quot; entity
$ereviews = str_replace( "\"", "&quot;", $ereviews);
Last edited by Chuck S; September 6th, 2005 at 06:42 PM.
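An added example, not part of the original post or of the script's own code: it compares how the quote-handling flags of htmlspecialchars() treat a review before it is echoed back into an element or an attribute value. The review string and the helper names raw_specials() and escape_review() are constructed for illustration.

```php
<?php
// Constructed review text containing markup and both quote styles.
$review = 'Nice <b>kit</b> & "fast" shipping, it\'s great';

// Quote-handling flags to compare (real PHP constants).
$modes = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // encodes & < > only
    'ENT_COMPAT'   => ENT_COMPAT,   // also encodes "
    'ENT_QUOTES'   => ENT_QUOTES,   // also encodes " and '
];

// Hypothetical helper: list characters that are still raw after escaping
// and could therefore end an element or attribute context.
function raw_specials(string $escaped): array
{
    $left = [];
    foreach (['<', '>', '"', "'"] as $ch) {
        if (strpos($escaped, $ch) !== false) {
            $left[] = $ch;
        }
    }
    return $left;
}

// Hypothetical helper: one escaping routine for every place a review is echoed.
function escape_review(string $text): string
{
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($modes as $name => $flags) {
    $out = htmlspecialchars($review, $flags | ENT_SUBSTITUTE, 'UTF-8');
    printf("%-12s raw left: [%s]\n  %s\n", $name, implode(' ', raw_specials($out)), $out);
}

// The same escaped value is safe in element text and inside a quoted attribute.
$safe = escape_review($review);
if (raw_specials($safe) !== []) {
    throw new RuntimeException('review still contains raw HTML metacharacters');
}
echo "<p class=\"review\">{$safe}</p>\n";
echo "<input type=\"hidden\" name=\"ereviews\" value=\"{$safe}\">\n";
```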