rashidfarooq Posted April 27, 2011 Share Posted April 27, 2011 I have made a small user info form. User will put his name and email address. I have to store this info into database. We know that mysql_real_escape_string() is used to prevent the SQL Injection and htmlspecialchars() is used to handle the HTML characters. So, I need to wrap up the username and emai laddress values with both of the functions to prevent sql attack and to handle html characters. My Question is which of the function I should use first and which I should use second? Quote Link to comment Share on other sites More sharing options...
spiderwell Posted April 27, 2011 Share Posted April 27, 2011 if it was me, I would use htmlspecial chars first then escape, but I have no idea if that is correct, and if indeed there is a correct order Quote Link to comment Share on other sites More sharing options...
saurabhx Posted April 27, 2011 Share Posted April 27, 2011 if it was me, I would use htmlspecial chars first then escape, but I have no idea if that is correct, and if indeed there is a correct order Me too. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.