I read in a PHP book that it is a good practice to use

Question

0

Asked: May 27, 20262026-05-27T08:51:13+00:00 2026-05-27T08:51:13+00:00

I read in a PHP book that it is a good practice to use

0

I read in a PHP book that it is a good practice to use htmlspecialchars and mysqli_real_escape_string in conditions when we handle user inputed data. What is the main difference between these two and where they are appropriate to be used? Please guide me.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T08:51:13+00:00

Editorial Team

2026-05-27T08:51:13+00:00Added an answer on May 27, 2026 at 8:51 am

htmlspecialchars: “<” to “& lt;”
(Replaces HTML-Code)

mysqli_real_escape_string: ” to \”
(Replaces Code, that has a meaning in a mysql-query)

Both are used to be save against some attacks like SQL-Injection and XSS

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I read in a PHP book that it is a good practice to use

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply