Security
I’m working on some code and I am trying to make sure all the incoming data is secure. I currently call mysql_real_escape_string() on all incoming data, but I am wondering if it would be worth my while to call htmlspecialchars() on it as well. Does anyone else have any good tips on un-tainting user data?
