Using escape on a registering form?

[takn25]

Hi, I have a site where users can register etc. I was wondering should I use mysql_real_escape_string() for the elements on my registration form example email, name and so on or is it no necessary?

One more question could some one tell is this the proper way to use it before inserting into the database.

 

$name=$_POST['name'];

 

mysql_real_escape_string($name)

 

?

[kenrbnsn]

You should always validate all user input. At the very least use the mysql_real_escape_string() on any user inputs that are strings and that will be used in a mysql query.

 

Ken