Re: XSS Preventing.

Michael,

It can be useful for me. It seems there will not be any charset problem
occurring.

Thanks for help.
Caner.


2009/6/23 Michael A. Peters <mpeters@xxxxxxx>

> Caner BULUT wrote:
>
>> Hi Guys,
>>
>>
>> I have a question if you have any knowledge about this please let me know.
>>
>>
>> I'm getting data from a form with the POST method like the following.
>>
>>
>> $x = htmlentities($_POST['y']);
>>
>> .
>>
>>
>> After getting all form data I save them into the DB; I used
>> mysql_real_escape_string.
>>
>
> Don't try to home brew your own.
> You'll miss stuff.
>
> Use an input filter class that is developed by and tested by a large number
> of users.
>
> http://htmlpurifier.org/
>
> is what I recommend.
>
> Also, with respect to mysql_real_escape - if you use prepared statements,
> escaping isn't an issue.
>
> Personally I recommend a database abstraction layer.
> Pear MDB2 is a good one.
> It makes your code portable to other databases as long as you stick to
> standard SQL (which usually is pretty easy to do).
>
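The advice in the thread (store the raw value with a prepared statement rather than pre-escaping it, encode at output time with an explicit charset, and hand rich text to HTML Purifier instead of a home-brewed filter) put together in one place. This is an added example, not code from Caner's or Michael's posts; the table and column names, the DSN and credentials, and the HTML Purifier include path are assumptions for illustration.

```php
<?php
// Added example (not from the list thread). Assumed: a `comments` table
// with `author` and `body` columns, the DSN/credentials below, and an
// HTML Purifier install reachable via 'HTMLPurifier.auto.php'.
declare(strict_types=1);

// --- Storage: a real prepared statement makes mysql_real_escape_string
// unnecessary. charset= in the DSN sets the connection charset so client
// and server agree on byte boundaries; EMULATE_PREPARES=false keeps the
// driver from falling back to client-side string escaping.
function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4',   // assumption
        'app_user',                                          // assumption
        'app_password',                                      // assumption
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

function saveComment(PDO $pdo, string $author, string $body): int
{
    // Store the text exactly as submitted: no htmlentities() here.
    // Encoding at storage time ties the data to one output context and
    // double-encodes when it is later shown somewhere else (JSON, e-mail,
    // a CSV export).
    $stmt = $pdo->prepare(
        'INSERT INTO comments (author, body) VALUES (:author, :body)'
    );
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// --- Output: encode for the HTML context at render time, with the
// charset stated explicitly. Before PHP 5.4 the default charset was
// ISO-8859-1, which mangles UTF-8 input (the "charset problem" in the
// thread). ENT_QUOTES covers attributes quoted with ' or "; ENT_SUBSTITUTE
// replaces invalid byte sequences instead of returning an empty string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// --- Rich text: when users may submit HTML, let HTML Purifier
// (http://htmlpurifier.org/) reduce it to a whitelist of elements and
// attributes rather than stripping tags with regexes.
function cleanHtml(string $dirty): string
{
    require_once 'HTMLPurifier.auto.php'; // path is an assumption
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,b,i,a[href],ul,ol,li');
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    return (new HTMLPurifier($config))->purify($dirty);
}

// Constructed sample input standing in for $_POST['y'].
$samples = [
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
    "O'Brien",              // the quote mysql_real_escape_string would escape
    "caf\xC3\xA9 \xC3",     // valid UTF-8 followed by a truncated sequence
];

foreach ($samples as $raw) {
    echo '<p>' . e($raw) . "</p>\n";
}
// Attribute context: the same encoder, because ENT_QUOTES handles both
// quote characters.
echo '<input value="' . e($samples[1]) . '">' . "\n";

// Rich-text path: script and event handlers are dropped, the link survives.
echo cleanHtml('<p onclick="alert(1)">hi <a href="javascript:alert(1)">x</a>'
    . ' <a href="https://example.com">ok</a><script>alert(1)</script></p>') . "\n";
```

The three pieces are deliberately separate: the database layer never sees encoded data, the template layer never trusts stored data, and only the one field that is allowed to contain markup goes through the purifier. If a value later has to appear inside a JavaScript string or a URL, it needs that context's encoder instead of e().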
