I am just putting the finishing touches to a comment system. It uses Asynchronous HTML over HTTP to send a comment (GET request) entered into a text area.
My question is, should be escapeing / encodeing this string before it is sent? I am concerned a user might enter some characters that might break the query string, and therefor not be able to submit their comment (I hope that makes sense).
Ah yes thats the one I had in mind - I used it last year and couldnt remember the name.
Just one other question for you. On facebook when you enter say a comment into your status or wherever, it remembers formatting such as horizontal space between paragraphs, and I was wondering how do they acehive this?
In the past when ive written comment systems it just ends up as one big string !