HTML characters and PHP

[SharkBait]

Curious what other people do about special characters in HTML while processing data with PHP.

I've been using TinyMCE (and I'm starting to dislike it) and noticed that when I have submitted information with it via $_POST that TinyMCE actually converts things like " (quotes), ' (apostrophys) and things to their HTML equivalent.

I would normally just use them as they are on the keyboard and then use things like [code=php:0]mysql_real_escape_string()[/code] to escape the apostrophys and such but this doesn't seem to happened because of what TinyMCE does.

Do you escape your characters or do you convert them to their HTML entities prior to processing them from forms?

I've also noticed that TinyMCE breaks my validation from time to time too.  Any other better WYSIWY javascript editors out there that have a similar footprint?

:)

[zq29]

I personally convert them to their HTML entity.

[sw0o0sh]

When I coded my first forum, the post data from the textarea in a post was translated somewhat like this

$text=nl2br(htmlspecialchars($_POST[text]));

as you can see, htmlspecialchars was sufficient enough;
and usually the insert query would be something like:

$insert=mysql_query("INSERT INTO x (post) VALUES(\"$text\")");

Or somewhere among the lines.