I'm creating a chatterbox, and I don't want people to hack my site. I use strip_tags on comments before they enter the database.
Do I still need to use htmlspecialchars after extracting the comments from the database? Or am I safe without it?
It's good practice to use htmlspecialchars anyway. For one thing, & is a special char.
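To illustrate the answer above, here is an added example (not code from the original posts) that runs a comment through strip_tags() and then prints it with and without htmlspecialchars(). The sample comment, the helper name `h()` and the form field name are constructed for the illustration.

```php
<?php
// Constructed sample comment. It contains no tags, so strip_tags()
// has nothing to remove, yet it still holds &, " and > characters.
$raw = 'Fish & chips "to go" &copy; 5 > 3';

// What the question describes: strip_tags() before storing in the database.
$stored = strip_tags($raw);

// Hypothetical helper: escape for HTML at output time.
// ENT_QUOTES encodes both " and ', so the result is also safe inside
// a quoted attribute value; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Without escaping: the bare & is invalid markup, "&copy;" is rendered
// as a copyright sign rather than the text the user typed, and the
// first " ends the attribute value early.
$unescapedBody = '<p>' . $stored . '</p>';
$unescapedAttr = '<input name="comment" value="' . $stored . '">';

// With escaping at output: the browser shows exactly what was typed,
// in element content and in the attribute alike.
$escapedBody = '<p>' . h($stored) . '</p>';
$escapedAttr = '<input name="comment" value="' . h($stored) . '">';

$rows = [
    'after strip_tags' => $stored,
    'body, unescaped'  => $unescapedBody,
    'attr, unescaped'  => $unescapedAttr,
    'body, escaped'    => $escapedBody,
    'attr, escaped'    => $escapedAttr,
];

foreach ($rows as $label => $html) {
    printf("%-18s %s\n", $label . ':', $html);
}
```

Run it from the command line with `php` to compare the five lines of output side by side.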