php_guy Posted February 5, 2011 Share Posted February 5, 2011 When sending data via $_POST for example, I've seen the data get filtered with both mysql_real_escape_string or htmlspecialchars When should you use one or the other? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 5, 2011 Share Posted February 5, 2011 It really depends what you intend to do with the data. If it will be inserted into a MySQL database, then mysql_real_escape_string, if it's being redisplayed, then htmlspecialchars or htmlentities and/or strip_tags. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.