
What is the correct function to use when saving HTML data to a MySQL database?

Developer https://www.devze.com 2023-02-07 15:55 Source: web

I know this is a rather basic question, but what is the correct function to use against form input fields when HTML is inserted into a MySQL database? (mysql_real_escape_string, htmlentities, etc.)

Also, which function should be used when printing the value from the database in a text field, html page, etc.?


Use mysql_real_escape_string() when inserting in the database, and htmlspecialchars() before printing.


If you use PDO and prepared statements, you don't have to worry that much about the data you are inserting in the database.

About the output, it depends what you need: If it's for real HTML output, you cannot use htmlentities as the output will not be HTML anymore.
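
The flow both answers describe, as an added example that is not part of the original answers: the HTML is stored unchanged through a PDO prepared statement and encoded only at output time, according to where it is printed. It assumes an in-memory SQLite database standing in for MySQL so it runs offline; the `posts` table, the `body` column and the `e()` helper are hypothetical names.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; for MySQL the DSN would be
// 'mysql:host=...;dbname=...;charset=utf8mb4' with PDO::ATTR_EMULATE_PREPARES => false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed form input: HTML containing both quote types and a script tag.
$input = '<p class="note">O\'Reilly said "hi"</p><script>alert(1)</script>';

// Insert: the placeholder keeps the value out of the SQL text, so neither
// mysql_real_escape_string() nor htmlentities() is applied before storage.
$stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => $input]);
$id = (int) $pdo->lastInsertId();

// Read back with a prepared statement as well.
$stmt = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
$stmt->execute([':id' => $id]);
$body = $stmt->fetchColumn();

// The database must return exactly what was submitted.
if ($body !== $input) {
    throw new RuntimeException('stored value was altered on the round trip');
}

// Hypothetical helper: HTML-encode a value for text and quoted-attribute contexts.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 1) Text field: the value sits inside a double-quoted attribute.
echo '<input type="text" name="body" value="' . e($body) . '">', "\n";

// 2) HTML page, shown as text: the markup is displayed, not interpreted.
echo '<div>' . e($body) . '</div>', "\n";

// 3) Rendered as real HTML: encoding would turn the tags into text, so this case
//    needs an allowlist HTML sanitizer before output. The stored value is not
//    echoed raw here because it still contains the <script> element.
```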
