What is the correct function to use when saving HTML data to a MySQL database?
I know this is a rather basic question, but what is the correct function to use against form input fields when HTML is inserted into a MySQL database? (mysql_real_escape_string, htmlentities, etc.)
Also, which function should be used when printing the value from the database in a text field, html page, etc.?
Use mysql_real_escape_string() when inserting in the database, and htmlspecialchars() before printing.
If you use PDO and prepared statements, you don't have to worry that much about the data you are inserting in the database.
About the output, it depends on what you need: If it's for real html output, you cannot use htmlentities as the output will not be html anymore.
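The approach from the answers above, as an added example that is not part of the original posts: the raw value is bound with a PDO prepared statement and encoded with htmlspecialchars() only when it is printed. It assumes an in-memory SQLite database, a hypothetical `posts` table and a hypothetical `h()` helper so that it runs without a MySQL server.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite keeps the example self-contained. For MySQL
// only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
// (The mysql_* extension, including mysql_real_escape_string(), was removed
// in PHP 7.0, so PDO or mysqli is the only option on current PHP.)
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed form input: markup plus quotes that would break a query
// built by string concatenation.
$input = '<b>O\'Reilly</b> said "hi" <script>alert(1)</script>';

// Storage: the value travels as a bound parameter, separate from the SQL
// text, and is stored unmodified. No HTML encoding happens here.
$insert = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
$insert->execute([':body' => $input]);

$select = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
$select->execute([':id' => (int) $pdo->lastInsertId()]);
$stored = $select->fetchColumn();

// The database holds exactly what the user typed.
if ($stored !== $input) {
    throw new RuntimeException('stored value differs from input');
}

// Output: encode for the HTML context at print time. ENT_QUOTES covers
// both quote characters, which matters inside attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Shown as text in a page body.
echo '<p>' . h($stored) . "</p>\n";

// Shown as the value of a text field.
echo '<input type="text" name="body" value="' . h($stored) . "\">\n";

// If the stored HTML is meant to render as markup, encoding does not apply
// (it would display the tags as text); it has to be sanitized against an
// allow-list of tags instead.
```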