Is there any up to date information with regards validating and sanitising form data in PHP. The data will be stored in a mysql database.
I tend to use htmlentities and mysql_real_escape_string but have read various sites, some old, some new that suggest these methods are not entireley flawless and was wondering if there were better methods of checking user input data.
The types of data I would be looking at would require removing special characters from strings, verifying numeric input and reducing the risk of mysql injection.
I'm using php 5.3