Avatar of nzrubin
Flag for New Zealand

asked on 

Text submit with escape weird characters php

Hello People!
i have at the web-site text-box editor for submitting (like one that EE has).
the question is: what is the best way to filter the message that is going to the database and emails to the customer.
to avoid sql injections and let the full text that person writes to be displayed at the web-site and at the email. with all its double and single quotes, back slashes, etc... and other characters. especially if the text was copied and pasted from word!
so what should be used?
mysql_real_escape_string or
htmlentities($row['customer'], ENT_QUOTES)
urlencode() ??
could you share please your experience?
will really appreciate it


Avatar of undefined
Last Comment
Ray Paseur

8/22/2022 - Mon