I have two forms.
For my first form I use htmlspecialchars. This form uses PHP validation; it's based off of Ray's wonderful example, which just echoes the form and uses variables to alter the classes and provide text for the user.
How do I protect against SQL injection? Is there an htmlspecialchars equivalent?
I'm beginning to learn HTML injection, and security is a huge unknown variable, but my company has some ideas, and I am getting a broad picture at a low hourly rate so we can hire people to make our ideas happen. We will use this website along with local businesses if it makes sense cost-wise to hire people.
But I'm starting at HTML injection, SQL injection and cross-site scripting, which is a lot, and I just hope that if I do 2-3 hours a day I will be able to give my company a broad overview.