<div>
mysql_real_escape_string()<wbr /> is a good solution.
</div>


<div>
thanks very much for such an explanation. now many things are clear to me :)<br />
i installed TinyMCE and there is a comment above text area<br />
&lt;!-- Gets replaced with TinyMCE, remember HTML in a textarea should be encoded --&gt;<br />
so how do i encode it? <br />

</div>


<div>
i thinks they mean<br />
htmlentities() right? <br />

</div>


<div>
Honestly, I can't remember! &nbsp;But I think they are talking about htmlentities() -- not before you store it in the data base, but after you retrieve it and are ready to put it out to the WWW.
</div>


<div>
<div class="content wysiwyg-content">
Hello People!<br />
i have at the web-site text-box editor for submitting (like one that EE has).<br />
the question is: what is the best way to filter the message that is going to the database and emails to the customer. <br />
to avoid sql injections and let the full text that person writes to be displayed at the web-site and at the email. with all its double and single quotes, back slashes, etc... and other characters. especially if the text was copied and pasted from word!<br />
so what should be used?<br />
mysql_real_escape_string or<br />
htmlentities($row['custome<wbr />r'], ENT_QUOTES)<br />
html_entity_decode() <br />
get_html_translation_table<wbr />() <br />
htmlspecialchars() <br />
nl2br() <br />
urlencode() ??<br />
could you share please your experience?<br />
will really appreciate it<br />
<br />

</div>
</div>


Hello People!
i have at the web-site text-box editor for submitting (like one that EE has).
the question is: what is the best way to filter the message that is going to the database and emails to the customer. 
to avoid sql injections and let the full text that person writes to be displayed at the web-site and at the email. with all its double and single quotes, back slashes, etc... and other characters. especially if the text was copied and pasted from word!
so what should be used?
mysql_real_escape_string or
htmlentities($row['customer'], ENT_QUOTES)
html_entity_decode() 
get_html_translation_table() 
htmlspecialchars() 
nl2br() 
urlencode() ??
could you share please your experience?
will really appreciate it



Text submit with escape weird characters php

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.