Gath Posted August 22, 2007

Hi. Is

    $reply_text = htmlentities ($reply_text, ENT_QUOTES);

secure enough for a query? If not, why not? I'm not very good at security, and might be missing some obvious stuff...

If it isn't, what I'm looking for is something that will secure the form (it's a message for a forum) but when showing it on a page, it comes out exactly like it was typed. (pretty much like this forum)

Thank you.

MadTechie Posted August 22, 2007

> but when showing it on a page, it comes out exactly like it was typed. (pretty much like this forum)

Try viewing the source of the online page.

It's pretty secure... depends what kind of protection you're after.

Gath (Author) Posted August 22, 2007

> > but when showing it on a page, it comes out exactly like it was typed. (pretty much like this forum)
>
> Try viewing the source of the online page.
>
> It's pretty secure... depends what kind of protection you're after.

Yes, I keep inputting all weird combinations of symbols and such, checked the page, and it comes out alright.

What protection I'm after... hmm... well, to stop anything that could be done "against" the site/db, really SQL injection, and any kind of 'exploit' to the code/db.

MadTechie Posted August 22, 2007

Yeah, htmlentities should be fine. Try this:

    $reply_text = 'Hello "world" that will be £1.99 please for Fish & chips';
    $reply_text = htmlentities ($reply_text, ENT_QUOTES);
    echo $reply_text;

It should view like this:

    Hello "world" that will be £1.99 please for Fish & chips

but if you "view source" it will show this:

    Hello &quot;world&quot; that will be &pound;1.99 please for Fish &amp; chips

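An added example, not part of any post in the thread: one way to handle the forum message Gath describes, with the query parameterised through PDO so the text is stored exactly as typed, and htmlentities applied only when the text is written into the page. The in-memory SQLite database, the `replies` table and the three function names are assumptions made for the example.

```php
<?php
// Added example: table, column and function names are assumptions, not from the thread.
// Uses an in-memory SQLite database so it runs offline (needs the pdo_sqlite extension).
// Assumes this file and the input are UTF-8.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE replies (id INTEGER PRIMARY KEY, reply_text TEXT NOT NULL)');

// Store the message exactly as typed. The bound parameter is sent separately
// from the SQL text, so quotes in the message cannot change the statement.
function save_reply(PDO $db, string $reply_text): int
{
    $stmt = $db->prepare('INSERT INTO replies (reply_text) VALUES (:reply_text)');
    $stmt->execute([':reply_text' => $reply_text]);
    return (int) $db->lastInsertId();
}

// Read the raw text back, again through a bound parameter.
function fetch_reply(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT reply_text FROM replies WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $raw = $stmt->fetchColumn();
    return $raw === false ? null : $raw;
}

// Encode at output time only, for the HTML context the text is written into.
// nl2br runs after encoding so the <br> tags it adds are not escaped.
function render_reply(string $raw): string
{
    return '<p>' . nl2br(htmlentities($raw, ENT_QUOTES, 'UTF-8')) . '</p>';
}

// Constructed sample input: the thread's test string plus a quote and some markup.
$typed = "Hello \"world\" that will be £1.99 please for Fish & chips\nO'Brien said <b>hi</b>";

$id  = save_reply($db, $typed);
$raw = fetch_reply($db, $id);

// The database holds the text unchanged, so it can be re-encoded for any output format.
echo $raw === $typed ? "stored text matches input\n" : "stored text differs\n";

// Only the rendered copy carries HTML entities.
echo render_reply($raw), "\n";
```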