Hey guys, looked at the php docs and googled around, but no joy. This

Question

0

Asked: May 19, 20262026-05-19T02:59:32+00:00 2026-05-19T02:59:32+00:00

Hey guys, looked at the php docs and googled around, but no joy. This

0

Hey guys,
looked at the php docs and googled around, but no joy. This is my code snippet, the htmlspecialchars doesn’t seem to work, wrong use of it?

$query="SELECT * FROM likes";
$result=mysql_query($query);

$num=mysql_numrows($result);
$liked=htmlspecialchars($liked, ENT_QUOTES);
$liked=$_POST['liked'];

$query = "INSERT INTO likes VALUES ('','$name','$liked')";

thanks guys,
James

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-19T02:59:33+00:00

Editorial Team

2026-05-19T02:59:33+00:00Added an answer on May 19, 2026 at 2:59 am

You are overwriting it with $_POST['liked'] in the immediately-following line. Switch the two lines. Or, just pass the POST var into the function directly:

$liked=htmlspecialchars($_POST['liked'], ENT_QUOTES);

Anyway you should be using mysql_real_escape_string() to escape your SQL query params. Save HTML escapes only for when you’re about to display the data.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Hey guys, looked at the php docs and googled around, but no joy. This

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply