MySQL insert string

For starters, you should just use mysql_real_escape_string when inserting into the database – this will ensure that whatever you store is safely encoded, yet retains all of the original information. In terms of output, the key difference between htmlentities and htmlspecialchars is that htmlentities will convert all characters that have entities whereas htmlspecialchars will only convert <, >, …
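The split described above (store the value unmodified, encode only at output) as an added example that is not part of the original page. It assumes PHP 8 with the pdo_sqlite extension, uses an in-memory SQLite table in place of MySQL so it runs offline, and swaps in a bound parameter for mysql_real_escape_string, since the mysql_* extension was removed in PHP 7.0. The table name and sample string are constructed.

```php
<?php
// Added example, not code from the original page.
declare(strict_types=1);

// Constructed sample input: SQL metacharacters, HTML markup and non-ASCII text.
$comment = "O'Reilly <b>café</b> & \"friends\" ©";

// Assumption: in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Insert: the bound parameter plays the role of mysql_real_escape_string.
// The value cannot change the statement, and it is stored without any
// HTML encoding, so all of the original information is kept.
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $comment]);

$stored = $pdo->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();
echo 'stored equals input: ';
var_dump($stored === $comment);

// Output: encode at the point where the value enters an HTML page.
// Flags and charset are passed explicitly because the defaults differ
// between PHP versions.
$flags    = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401;
$special  = htmlspecialchars($stored, $flags, 'UTF-8');
$entities = htmlentities($stored, $flags, 'UTF-8');

// htmlspecialchars touches only the HTML-significant characters;
// htmlentities also rewrites characters such as é and © as named entities.
echo 'htmlspecialchars: ', $special, PHP_EOL;
echo 'htmlentities:     ', $entities, PHP_EOL;

// Either encoding is reversible, so nothing is lost by encoding late.
echo 'htmlspecialchars round trip: ';
var_dump(htmlspecialchars_decode($special, $flags) === $comment);
echo 'htmlentities round trip:     ';
var_dump(html_entity_decode($entities, $flags, 'UTF-8') === $comment);
```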

URL valid characters

uric = reserved | unreserved | escaped
reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | ","
unreserved = alphanum | mark
mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
escaped = "%" …