Caner BULUT wrote:
Hi Guys,

I have a question if you have any knowledge about this please let me know.

I getting data from a form with POST method like following.

$x = htmlentities($_POST['y']);


After getting all form daha I save them into DB, I used

Don't try to home brew your own.
You'll miss stuff.

Use an input filter class that is developed by and tested by a large number of users.

is what I recommend.

Also, with respect to mysql_real_escape - if you use prepared statements, escaping isn't an issue.

Personally I recommend a database extraction later.
Pear MDB2 is a good one.
It makes your code portable to other databases as long as you stick to standard SQL (which usually is pretty easy to do).

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to