i have at the web-site text-box editor for submitting (like one that EE has).
the question is: what is the best way to filter the message that is going to the database and emails to the customer.
to avoid sql injections and let the full text that person writes to be displayed at the web-site and at the email. with all its double and single quotes, back slashes, etc... and other characters. especially if the text was copied and pasted from word!
so what should be used?
could you share please your experience?
will really appreciate it