[RESOLVED] mysql_real_escape_string & htmlentities

showman13

Hello All,

This is sort of a curiousity question, as I am trying to determine if it has anything to do with issues I'm currently having, losing pieces of data after submitting a form.

Is there a difference in the outcome of the following two lines (rearranged)

mysql_real_escape_string(htmlentities($string));

htmlentities(mysql_real_escape_string($string));

Can you expect that the result will be the same either way?

thanks
Doug

Weedpacket

Yes, they can produce different results: " for example, will be handled differently.

But there's usually little need to have the two together like that: [man]htmlentities[/man] is for preparing text for output (embedding in an HTML/XML document), [man]mysql_real_escape_string[/man] is for preparing text for input (inserting into a database).

showman13

Weedpacket;10946240 wrote:
Yes, they can produce different results: " for example, will be handled differently.

But there's usually little need to have the two together like that: [man]htmlentities[/man] is for preparing text for output (embedding in an HTML/XML document), [man]mysql_real_escape_string[/man] is for preparing text for input (inserting into a database).

Thank you for your response Weedpacket.

I picked this little clean function up from a forum, and thought it made sense. But what you pointed out makes more sense, so I guess I can break it down into 2 separate functions to use depending on what I'm cleaning the input up for.

Thanks again,

Doug