Decoding mysql_real_escape_string() for outputting HTML
- by Peter
I'm trying to protect myself from sql injection and am using:
mysql_real_escape_string($string);
When posting HTML it looks something like this:
<span class="\"className\"">
<p class="\"pClass\"" id="\"pId\""></p>
</span>
I'm not sure how many other variations real_escape_string adds so don't want to just replace a few and miss others... How do I "decode" this back into correctly formatted HTML, with something like:
html_entity_decode(stripslashes($string));