Which one is better?
I am writing a CMS, and only my staff members are going to have access to it.
Now, I am trying to prevent accidental SQL injection using htmlspecialchars() to change the special characters (because someone might post a news article that may contain a quote from someone or whatever).
While browsing through the manual, I also saw many other ways of preventing SQL injections, such as htmlentities() (I guess if I make the CMS public, I'd use that), stripslashes(), get_magic_quotes_gpc(), etc.
I am kind of confused here, because I want to use the best method, and I'm not sure which one it is. But I think I am pretty safe with htmlspecialchars() since only my trustworthy people use the CMS. However, I am planning to have a visitor-submitted articles section too, so I will need much tighter security there. So what should I use for that?
___________________
xXxXxXx
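
The distinction the question turns on, as an added example that is not part of the original post: htmlspecialchars() escapes text for HTML output, while a PDO prepared statement is what keeps quoted article text from altering a query. The table, sample article and function names are constructed for illustration, and an in-memory SQLite database through the pdo_sqlite extension is assumed.

```php
<?php
// Added example with constructed data; assumes the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// Constructed article: ordinary text that happens to contain quotes and markup.
$title = "Mayor: 'We won't raise taxes'";
$body  = 'She said "no" & left. <b>Really</b>.';

// Before: HTML-escape, then build the SQL by string concatenation.
// ENT_COMPAT (the default before PHP 8.1) leaves single quotes untouched,
// so the quote in the title ends the SQL string literal early.
function insertConcatenated(PDO $db, string $title, string $body): bool
{
    $t = htmlspecialchars($title, ENT_COMPAT);
    $b = htmlspecialchars($body, ENT_COMPAT);
    try {
        $db->exec("INSERT INTO articles (title, body) VALUES ('$t', '$b')");
        return true;
    } catch (PDOException $e) {
        echo "concatenated insert failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// After: a prepared statement sends the values separately from the SQL text,
// so their content can never change the statement's structure.
function insertPrepared(PDO $db, string $title, string $body): int
{
    $stmt = $db->prepare('INSERT INTO articles (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $title, ':body' => $body]);
    return (int) $db->lastInsertId();
}

var_dump(insertConcatenated($db, $title, $body));
$id = insertPrepared($db, $title, $body);

// The database holds the text exactly as it was written.
$stmt = $db->prepare('SELECT title, body FROM articles WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
var_dump($row['title'] === $title && $row['body'] === $body);

// htmlspecialchars() belongs here, when the text is written into an HTML page.
echo '<h1>', htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "</h1>\n";
echo '<p>', htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "</p>\n";
```

The same two-step split applies to a visitor-submitted section: bind every value when writing to the database, and escape for HTML only at the point of output.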
