Sanitising some user input:
    <?php
    function html_mysql_sanitise($data) {
        // Undo the backslashes PHP adds when magic_quotes_gpc is on (PHP 5 only)
        if (get_magic_quotes_gpc()) {
            $data = stripslashes($data);
        }
        // First pass: every character with a named HTML entity is encoded, quotes included
        $data = htmlentities($data, ENT_QUOTES);
        // Second pass: the & of each entity from the first pass is encoded again as &amp;
        $data = htmlspecialchars($data, ENT_QUOTES);
        // Escape for use inside a MySQL string literal (needs an open mysql_* connection)
        return mysql_real_escape_string($data);
    }

    $_POST['data'] = html_mysql_sanitise($_POST['data']);
    echo $_POST['data'];
    echo html_entity_decode(htmlspecialchars_decode($_POST['data']));
    echo html_entity_decode($_POST['data'], ENT_NOQUOTES);
    echo htmlspecialchars_decode($_POST['data'], ENT_NOQUOTES);
$_POST['data'] is set to:
test<d#'!;ta>
The output of this is:
test<d#'!;ta>
test
test<d#'!;ta>
test<d#'!;ta>
Why do the last two produce the same result, and the 2nd one is part of the posted data? Since the last two seem to produce the desired result, which should I use?
Thank you.
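Worked example (added here, not code from the question or from either answer): it traces the question's encode/decode chain on the same input to show why the two ENT_NOQUOTES decoders give identical strings, and then shows the alternative a reviewer would usually recommend, where SQL escaping and HTML encoding are kept in their own contexts. The PHP 5-only get_magic_quotes_gpc() and mysql_real_escape_string() steps are left out because they no longer exist in PHP 7+; the example assumes PHP 7 or later with the pdo_sqlite extension so it runs offline.

```php
<?php
// Added example, not the poster's code. Traces the double-encoding chain
// from the question and contrasts it with context-separated handling.
// Assumes PHP 7+ with pdo_sqlite; the input is the value from the question.

$input = "test<d#'!;ta>";

// --- The question's chain, without the PHP 5-only magic_quotes/mysql_* steps ---
$once  = htmlentities($input, ENT_QUOTES);     // test&lt;d#&#039;!;ta&gt;
$twice = htmlspecialchars($once, ENT_QUOTES);  // test&amp;lt;d#&amp;#039;!;ta&amp;gt;

// Undoing one layer with ENT_NOQUOTES: the only thing left in $twice that
// either decoder's table matches is &amp;, so both return the same string.
$a = html_entity_decode($twice, ENT_NOQUOTES);      // test&lt;d#&#039;!;ta&gt;
$b = htmlspecialchars_decode($twice, ENT_NOQUOTES); // test&lt;d#&#039;!;ta&gt;
var_dump($a === $b);   // bool(true)

// Undoing both layers restores the original text exactly, which is why the
// second echo in the question shows the posted data verbatim.
$restored = html_entity_decode(htmlspecialchars_decode($twice), ENT_QUOTES);
var_dump($restored === $input);   // bool(true)

// --- Context-separated handling: store raw, bind for SQL, encode for HTML ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// SQL context: a bound parameter never becomes part of the statement text,
// so no escaping of the value is needed (or wanted) here.
$stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

// The stored value is untouched, so it can be searched, edited, or emitted in
// a non-HTML context (JSON, e-mail, CSV) without any decode step.
$stored = $db->query('SELECT body FROM posts')->fetchColumn();
var_dump($stored === $input);   // bool(true)

// HTML context: encode exactly once, at the point of output.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}
echo '<p>', e($stored), "</p>\n";   // <p>test&lt;d#&#039;!;ta&gt;</p>
```

The practical consequence for the question's code is that the value written to the database already carries two layers of HTML encoding plus MySQL escaping, so every other consumer of that column has to know the exact order of transformations to undo. Encoding once, at output, in the encoding that matches the output context, removes that coupling and the need for any of the decode calls.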
Why re-invent the wheel… use this:
http://htmlpurifier.org/docs
Or this:
http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php
Both good at exactly what you want to do.