Allowing ' through databases

Posted: Sun May 08, 2011 1:29 pm
by Carbine
I want ' and " to be allowed through the database, but without MySQL injection. I use htmlentities, but that doesn't do anything to them. Sorry if this is a stupid question, I just don't want to be injected :L I tried entering apos; in the articles to see if that's allowed through, and if so I could just replace ' with apos; before it goes through, but using apos; it still didn't work :L Thanks and sorry for all the questions.

/E should this be in the php security section?

Re: Allowing ' through databases

Posted: Sun May 08, 2011 1:31 pm
by Tino
You'll want to pass it the ENT_QUOTES flag.
$var = htmlentities($_POST['var'], ENT_QUOTES);
This will convert both single and double quotes.

Re: Allowing ' through databases

Posted: Sun May 08, 2011 1:33 pm
by Carbine
Thanks very much Tino, you're a legend.

Re: Allowing ' through databases

Posted: Sun May 08, 2011 1:34 pm
by Tino
You're welcome. And thanks, I suppose :)

Re: Allowing ' through databases

Posted: Sun May 08, 2011 1:57 pm
by jacek
There shouldn't be any problems if you escape them correctly :?
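Putting Tino's ENT_QUOTES flag and jacek's point about escaping together, as an added example that is not code from anyone in the thread: the HTML encoding is done at display time, and the database write uses a PDO prepared statement so both kinds of quote are stored unchanged without any hand-written SQL escaping. The table name, DSN and credentials are assumed placeholders.

```php
<?php
// Added example, not from the thread. Assumes a MySQL table created with
//   CREATE TABLE articles (id INT AUTO_INCREMENT PRIMARY KEY, body TEXT);
// and placeholder PDO connection details below.
declare(strict_types=1);

// Input as it would arrive in $_POST, constructed for this demo: it holds
// both kinds of quote plus the sort of fragment an injection attempt uses.
$body = "It's a \"test\" article'; DROP TABLE articles; --";

// --- Database side: bind the value, do not encode or escape it by hand ---
// htmlentities() is an HTML output encoder and does nothing for SQL.
// A bound parameter travels separately from the query text, so the quotes
// are stored verbatim and can never terminate the SQL string literal.
function storeArticle(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO articles (body) VALUES (:body)');
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// --- Output side: encode when rendering, with ENT_QUOTES ----------------
// Encoding at display time (not before storing) keeps the stored text clean
// and avoids double-encoding. ENT_QUOTES converts both ' and ".
function renderArticle(string $body): string
{
    return '<p>' . htmlentities($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

$dsn  = 'mysql:host=localhost;dbname=site;charset=utf8mb4'; // placeholder
$user = 'DB_USER';                                          // placeholder
$pass = 'DB_PASSWORD';                                      // placeholder
$db = new PDO($dsn, $user, $pass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares
]);

$id = storeArticle($db, $body);          // quotes stored exactly as typed
echo renderArticle($body), PHP_EOL;      // quotes shown, not interpreted
```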