Hello. I use a text box to insert data into MySQL. The box is secured with the following: mysql_real_escape_string(stripslashes(trim(htmlentities(strip_tags( $_POST['text_box'] ))))); When I type in tʰe, it stores it in the database, but when showing, it appears as: "& # 6 8 8 ;" (with no space between letters, because here it shows correctly if I have no space). Where is the solution?
You are free to use HTML entities which can prevent some injection attempts. Of course, you should not allow it if this is for user login/password.
Try using htmlspecialchars instead of htmlentities; it gives a more user-friendly output. I am on a cell phone so can't give a link right now, but it's clearly given in the PHP manual.
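
An added example, not code from any poster in this thread: it runs the question's filter chain on a constructed input to show how a literal "&#688;" ends up on screen, then stores the text unchanged through a prepared statement and encodes once at output. Assumptions: the form page was not served as UTF-8 (so the browser submitted the character as a numeric reference), the helper names `question_chain` and `h` are hypothetical, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example; every input below is constructed for illustration.

// Filter chain from the question. mysql_real_escape_string() is left out: it
// needs a live MySQL link and would not change any character in these samples.
function question_chain(string $in): string {
    return stripslashes(trim(htmlentities(strip_tags($in))));
}

// Hypothetical helper: encode once, at the point a value is written into HTML.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: the form page was not UTF-8, so the browser submitted the
// character U+02B0 as the numeric reference "&#688;".
$legacy = 't&#688;e';
// The same text submitted from a UTF-8 page: the real character arrives.
$utf8 = "t\u{02B0}e";

// Encoding before storage turns the "&" of the reference into "&amp;", so a
// browser later shows the reference as literal text instead of the character.
echo question_chain($legacy), "\n";

// Store the submitted text unchanged; the prepared statement handles SQL.
// sqlite::memory: is a stand-in for the MySQL connection (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)');
$insert = $db->prepare('INSERT INTO notes (body) VALUES (?)');
foreach ([$utf8, '<i>5 > 3</i> & "ok"'] as $body) {
    $insert->execute([$body]);
}

// Encode only when rendering each row: the UTF-8 character passes through
// untouched, while markup characters in the second row are neutralised.
foreach ($db->query('SELECT body FROM notes') as $row) {
    echo h($row['body']), "\n";
}
```

With MySQL, the connection and the page both need to declare UTF-8 (for example `charset=utf8mb4` in the PDO DSN) for the stored character to round-trip.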