mysql_real_escape_string vs. htmlentities
Posted: Sat May 28, 2011 1:41 pm
On a homemade CMS where HTML code needs to be stored in the MySQL database, I discovered that mysql_real_escape_string did not always allow data to be uploaded. I therefore switched to using htmlentities like this:
$_POST[$key] = htmlentities($value, ENT_QUOTES, 'UTF-8');
As far as I am concerned, this is the right solution, but someone else is insisting that I am using htmlentities incorrectly and that mysql_real_escape_string is what should be used.
Can someone clarify this? Why not use htmlentities this way?
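The distinction the question turns on, shown as an added example that is not part of the original post: SQL handling and HTML encoding protect different contexts, so the HTML is stored unchanged through a bound parameter and encoded only at output. The `pages` table and the `savePage`/`loadPage` helpers are hypothetical, and an in-memory SQLite database stands in for MySQL (an assumption, so the script runs offline; with MySQL only the PDO DSN changes).

```php
<?php
// Added example, not code from the original post. Names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)');

// Store the submitted HTML unchanged. The placeholder keeps the value out of
// the SQL text, so quotes or backslashes in it cannot alter the statement.
function savePage(PDO $pdo, string $html): int
{
    $stmt = $pdo->prepare('INSERT INTO pages (body) VALUES (:body)');
    $stmt->execute([':body' => $html]);
    return (int) $pdo->lastInsertId();
}

function loadPage(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample input with both kinds of quote, markup and an entity.
$submitted = '<p class="intro">It\'s a "test" &amp; more</p>';

// Round trip: compare what the database returns with what was submitted.
$id = savePage($pdo, $submitted);
$stored = loadPage($pdo, $id);
var_dump($stored === $submitted);

// Encoding on input, as in the post, changes the stored data: the markup is
// saved as entities. It is HTML encoding, not SQL escaping (a backslash, for
// instance, passes through htmlentities untouched).
$encoded = htmlentities($submitted, ENT_QUOTES, 'UTF-8');
$id2 = savePage($pdo, $encoded);
echo loadPage($pdo, $id2), "\n";

// Encode at output time, and only where the value must display as text
// (for example inside an editing <textarea>), not where it renders as HTML.
echo '<textarea>', htmlentities($stored, ENT_QUOTES, 'UTF-8'), "</textarea>\n";
```

The `mysql_*` functions, including `mysql_real_escape_string`, were removed in PHP 7; bound parameters through PDO or mysqli take over the SQL side.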