If you will be using the data elsewhere then use it when it is displayed
on the screen, or your other program will have to parse it.

It is a good idea to always run htmlspecialchars when outputting text to
the browser that came from a form.

-- Stewart

On Mon, 25 Feb 2002, Erik Price wrote:
> I was wondering if anyone could give me some advice in deciding the most
> appropriate time to use htmlspecialchars():
>
> When user input is accepted and error-checked and ready to be inserted
> into the database? Or when user input is pulled from the database and
> ready to be displayed to the screen?
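
The trade-off discussed in this thread, shown as an added example that is not part of either message: the same form value is stored raw (escaped at display time) and stored pre-escaped, then read by an HTML page and by a non-HTML consumer. The helper `h()`, the variable names and the input string are assumptions made for illustration.

```php
<?php
// Added example; the input string is constructed sample data.
$input = 'Tom & "Jerry" <b>fans</b>';

// Hypothetical helper: escape for an HTML context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Strategy A: store the raw value, escape when it is displayed.
$storedRaw = $input;
// Strategy B: escape before storing.
$storedEscaped = h($input);

// Consumer 1: the HTML page.
$pageA  = '<p>' . h($storedRaw) . '</p>';      // escaped exactly once, at output
$pageB  = '<p>' . $storedEscaped . '</p>';     // relies on every writer having escaped
$pageB2 = '<p>' . h($storedEscaped) . '</p>';  // escaped again on top of stored entities

// Consumer 2: a non-HTML program, here a plain-text report line.
$reportA = 'name=' . $storedRaw;
$reportB = 'name=' . $storedEscaped;           // HTML entities leak into the report
// To recover the original text, the other program has to decode the entities.
$reportBFixed = 'name=' . htmlspecialchars_decode($storedEscaped, ENT_QUOTES);

$results = compact('pageA', 'pageB', 'pageB2', 'reportA', 'reportB', 'reportBFixed');
foreach ($results as $label => $value) {
    printf("%-13s %s\n", $label, $value);
}

// Compare the two strategies per consumer.
printf("HTML output identical:      %s\n", var_export($pageA === $pageB, true));
printf("Report identical:           %s\n", var_export($reportA === $reportB, true));
printf("Report equal after decode:  %s\n", var_export($reportA === $reportBFixed, true));
```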