I have data from a form and want to input it into MySQL and also send that data to an email address. What is the best practice for formatting this data?
I believe when inserting the data into MySQL, I should be using mysql_real_escape_string(), correct? I've also heard of using htmlentities.
When sending an email, do I just send the data as is or should I do any pre-formatting?
I'm trying to avoid XSS and make this submission pretty secure of course.
Thanks again!
b
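
The three destinations asked about above (database, HTML page, email) each need their own handling, shown here as an added example that is not part of the original post. It stores the raw value through a prepared statement, encodes only when writing HTML, and keeps line breaks out of mail headers. The function names, the `submissions` table and the sample form values are assumptions made for illustration, and SQLite in memory stands in for MySQL so the script runs offline.

```php
<?php
// Added example: store the raw value, encode per destination.
// $form is constructed sample input standing in for $_POST.
$form = [
    'name'    => "Bob <b>O'Neil</b>",
    'email'   => 'bob@example.com',
    'message' => "It's a \"test\" message.",
];

// 1) Database: a prepared statement keeps data out of the SQL text, so no
//    manual escaping is needed. SQLite in memory is used only so this runs
//    offline; for MySQL the DSN becomes 'mysql:host=...;dbname=...'.
function save_submission(PDO $db, array $f): void {
    $stmt = $db->prepare(
        'INSERT INTO submissions (name, email, message) VALUES (?, ?, ?)');
    $stmt->execute([$f['name'], $f['email'], $f['message']]);
}

// 2) HTML: encode when the value is written into a page, not before storage.
function html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 3) Email: header values must not contain line breaks; the body is plain text.
function build_mail(array $f): array {
    $from = filter_var($f['email'], FILTER_VALIDATE_EMAIL);
    if ($from === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    $name = trim(preg_replace('/[\r\n]+/', ' ', $f['name']));
    return [
        'subject' => 'Form submission from ' . $name,
        'headers' => "Reply-To: $from\r\nContent-Type: text/plain; charset=UTF-8",
        'body'    => $f['message'],
    ];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE submissions (name TEXT, email TEXT, message TEXT)');
save_submission($db, $form);

$row = $db->query('SELECT name FROM submissions')->fetch(PDO::FETCH_ASSOC);
echo html($row['name']), "\n";   // markup and quote are shown as text
$mail = build_mail($form);
echo $mail['subject'], "\n", $mail['headers'], "\n";
// mail($to, $mail['subject'], $mail['body'], $mail['headers']) would send it.
```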