htmlspecialchars or mysql_real_escape_string?

itsoisi

New Member
I am unsure which one to use in this situation?

[code]$query1 = "SELECT * FROM messages WHERE messages.custid='".htmlspecialchars($_SESSION['customerid'])."' ORDER BY messages.id LIMIT $start, $limit ";[/code]
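
Added example, not part of the original post: the two functions serve different contexts. htmlspecialchars() encodes text for HTML output, while a value placed in a SQL statement needs a bound parameter (or, in the legacy mysql_* API, mysql_real_escape_string()). The sketch assumes PDO with the pdo_sqlite driver so it runs without a database server; the table contents, the `fetchMessages` helper and the sample customer ID are constructed for illustration.

```php
<?php
// Added example, not from the original post. An in-memory SQLite database
// (assumes the pdo_sqlite extension) stands in for MySQL; the same PDO calls
// work against MySQL with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, custid TEXT, body TEXT)');

// Constructed sample rows. The second body contains markup to show the output step.
$ins = $pdo->prepare('INSERT INTO messages (custid, body) VALUES (?, ?)');
$ins->execute(['42', 'Your order has shipped']);
$ins->execute(['42', '<b>Invoice</b> & receipt attached']);
$ins->execute(['7',  'Message for a different customer']);

// Hypothetical helper: the query from the post, with every value bound.
function fetchMessages(PDO $pdo, string $custId, int $start, int $limit): array
{
    // SQL context: values are bound, never concatenated into the statement,
    // so neither escaping function is needed here.
    $stmt = $pdo->prepare(
        'SELECT id, body FROM messages WHERE custid = :custid ORDER BY id LIMIT :start, :limit'
    );
    $stmt->bindValue(':custid', $custId, PDO::PARAM_STR);
    // LIMIT arguments are bound as integers, not strings.
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-in for $_SESSION['customerid'] containing quote characters.
// Bound as data, it is compared literally against custid and changes no SQL.
$customerId = "42' OR '1'='1";
$rows = fetchMessages($pdo, $customerId, 0, 10);
echo count($rows), " rows returned for the quoted value\n";

foreach (fetchMessages($pdo, '42', 0, 10) as $row) {
    // HTML context: htmlspecialchars() belongs here, when the value is written
    // into a page, not when it is stored or queried.
    echo '<li>', htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "</li>\n";
}
```

With MySQL and PDO's emulated prepares, binding the LIMIT values with PDO::PARAM_INT as shown keeps them from being quoted as strings.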
 