Quote:
Originally Posted by Klen
I am using htmlspecialchars and so far it is working fine. But it does not hurt to put extra steps to harden security.
htmlspecialchars is meant more for output to an HTML document, and in any case htmlentities does a better job of that.