Just wondering if it normal and acceptable use both on one string before entering it into a database or displaying it?
For example:
$project_name = mysqli_real_escape_string($dbcon,htmlspecialchars($_POST['project_name']));
Just wondering if it normal and acceptable use both on one string before entering it into a database or displaying it?
For example:
$project_name = mysqli_real_escape_string($dbcon,htmlspecialchars($_POST['project_name']));
Anyone?
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.