Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
escapeshellarg -- Escape a string to be used as a shell argument
mysql_real_escape_string -- Escapes special characters in a string for use in a SQL statement
You should use the appropriate function for the context you're going to use the data in...
Mr Tech wrote: So escapeshellarg would be used for information submitted in forms?
Use mysql_real_escape_string to sanitize "tainted" data before putting it into a database query. When outputting tainted data to the browser, use htmlspecialchars($foo, ENT_QUOTES).
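The context rule from the replies above, as an added example that is not part of the original posts: one constructed form value is passed through the function for each destination, then through the wrong one. It assumes a POSIX shell and the pdo_sqlite extension; the helper names `for_shell`, `for_html` and `for_sql` are hypothetical, and `PDO::quote()` stands in for `mysql_real_escape_string`, which needs a live MySQL connection and was removed in PHP 7.

```php
<?php
// Constructed sample standing in for a submitted form field.
$tainted = "O'Reilly <b>\"x\"</b>; echo \$HOME";

// Shell context: the value becomes exactly one literal argument.
function for_shell(string $v): string {
    return 'printf %s ' . escapeshellarg($v);
}

// HTML context: ENT_QUOTES also encodes ' so the value is safe in
// element text and in quoted attribute values.
function for_html(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// SQL context: PDO::quote() on in-memory SQLite is a stand-in (assumption)
// for mysql_real_escape_string(), which needs a live MySQL connection.
function for_sql(PDO $db, string $v): string {
    return 'SELECT ' . $db->quote($v);
}

$db = new PDO('sqlite::memory:');

// Right function, right context: the data arrives unchanged and inert.
var_dump(shell_exec(for_shell($tainted)) === $tainted);
var_dump($db->query(for_sql($db, $tainted))->fetchColumn() === $tainted);
var_dump(strpbrk(for_html($tainted), "<>\"'") === false);

// Wrong function for the context: the characters that matter survive.
var_dump(strpos(htmlspecialchars($tainted, ENT_QUOTES), '; echo $HOME') !== false);
var_dump(strpos(escapeshellarg($tainted), '<b>') !== false);
```

The last two checks show why form data is not a context in itself: HTML encoding leaves shell metacharacters intact, and shell quoting leaves markup intact.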