By phpfresher
via phpfresher.com
Published: Oct 11 2012 / 07:41
It depends on what your application does. If it doesn’t involve a database, there’s no need to call mysql_real_escape_string(); similarly, if the input needs to be in HTML, htmlspecialchars() would not be appropriate. However, if you are inserting untrusted content into a database that will later be output to an HTML page, and you do not want the HTML in that output to be parsed, then you should apply both. Note that it is more common (and generally better) to invoke htmlspecialchars() when output occurs.
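The split described above (database handling on input, htmlspecialchars() on output), shown as an added example that is not code from the original post. It assumes PHP with the pdo_sqlite extension and uses a PDO prepared statement in place of mysql_real_escape_string(), whose ext/mysql extension was removed in PHP 7.0; the table name, the helper html_text() and the sample input are constructed for illustration.

```php
<?php
// Added example: constructed input, in-memory SQLite so it runs offline.
// A PDO prepared statement stands in for mysql_real_escape_string().

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed untrusted input containing both SQL and HTML metacharacters.
$untrusted = "It's <b>bold</b> & \"quoted\" <script>alert(1)</script>";

// Input side: handle only the database context. The value is bound as a
// parameter, so the single quote cannot terminate the SQL string, and the
// text is stored exactly as submitted (no HTML escaping yet).
$insert = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$insert->execute([':body' => $untrusted]);

$stored = $pdo->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();

// Output side: escape for the context the value is written into.
// html_text() is a hypothetical helper name.
function html_text(string $value): string
{
    // ENT_QUOTES also escapes single quotes, so the result is safe in
    // quoted attribute values as well as in element text.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$asHtml = '<p>' . html_text($stored) . '</p>';

// The same stored value is still usable unmodified in a non-HTML context
// (here JSON). Had it been HTML-escaped before storage, this output would
// carry &lt; and &amp; entities that do not belong in it.
$asJson = json_encode(['body' => $stored]);

echo $asHtml, PHP_EOL;
echo $asJson, PHP_EOL;
```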