From 0fe30236fac3c00ff123b9d48cc0b4b2ff6a7746 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Wed, 18 Aug 2010 11:42:08 +0200
Subject: [PATCH] Document PMA_sanitize.
---
 libraries/sanitizing.lib.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/libraries/sanitizing.lib.php b/libraries/sanitizing.lib.php
index abac19da9..3ba7224b9 100644
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -7,11 +7,20 @@
 /**
 * Sanitizes $message, taking into account our special codes
- * for formatting
+ * for formatting.
+ *
+ * If you want to include result in element attribute, you should escape it.
+ *
+ * Examples:
+ *
+ *

+ *
+ * bar
 *
 * @uses preg_replace()
 * @uses strtr()
 * @param string the message
+ * @param boolean whether to escape html in result
 *
 * @return string the sanitized message
 *
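Review bot: The added warning `If you want to include result in element attribute, you should escape it.` does not say how to escape, and the new `@param boolean whether to escape html in result` line gives neither the parameter's name nor its default, so the docblock never connects the warning to the flag. Because this function's return value is written into HTML, a reader could fairly assume the result is already safe in every output context, which the warning itself implies it is not. I would state the mechanism directly, e.g. `Pass true as the second argument when the result is placed inside an element attribute.` (assuming that is what the flag is for), and put the name and default in the tag, e.g. `@param boolean $<parameter-name> whether to escape HTML in the result (default: <as declared>)`. The function signature lies outside this hunk, so the actual name and default have to be taken from it.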