I want my users to be able to comment using Markdown and avoiding XSS.
What is the correct sequence of actions to do?
This is my understanding of how it works:
User input via an HTML form, using Markdown syntax
$input = markdown(mysql_real_escape_string($_POST['userInput']));
Insert $input into the database
And then, do I also need to use htmlspecialchars?
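The pipeline the question is about, as an added example that is not part of the original post: store the raw Markdown with a bound parameter (which is what prevents SQL injection, not string escaping), and only at output time escape HTML first and then render Markdown, so the tags in the result come only from the renderer. It assumes sqlite3 standing in for MySQL and a small hand-written Markdown subset standing in for a real Markdown library; all names are made up for the example.

```python
import html
import re
import sqlite3

# Constructed in-memory table standing in for the MySQL comments table.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")


def store_comment(raw_markdown: str) -> int:
    """Store the Markdown exactly as typed: no HTML escaping on the way in.
    The bound parameter (?) is what keeps the value out of the SQL syntax."""
    cur = db.execute("INSERT INTO comments (body) VALUES (?)", (raw_markdown,))
    db.commit()
    return cur.lastrowid


_SAFE_URL = re.compile(r"^https?://", re.IGNORECASE)


def render_markdown(raw: str) -> str:
    """Render a tiny Markdown subset to HTML at output time.
    Step 1 escapes every HTML metacharacter, so nothing the user typed can
    become a tag or attribute. Step 2 builds tags only from our own templates
    and only allows http(s) link targets, so javascript: URLs stay plain text."""
    text = html.escape(raw, quote=True)

    def link(m: re.Match) -> str:
        label, url = m.group(1), html.unescape(m.group(2))
        if not _SAFE_URL.match(url):
            return m.group(0)  # leave the literal [label](url) text as-is
        return f'<a href="{html.escape(url, quote=True)}" rel="nofollow">{label}</a>'

    text = re.sub(r"\[([^\]]+)\]\(([^)\s]+)\)", link, text)
    text = re.sub(r"`([^`]+)`", r"<code>\1</code>", text)
    text = re.sub(r"\*\*([^*]+)\*\*", r"<strong>\1</strong>", text)
    text = re.sub(r"\*([^*]+)\*", r"<em>\1</em>", text)
    return f"<p>{text}</p>"


def show_comment(comment_id: int) -> str:
    """Fetch the stored Markdown and render it; escaping happens here, once."""
    (body,) = db.execute("SELECT body FROM comments WHERE id = ?", (comment_id,)).fetchone()
    return render_markdown(body)
```

With a real Markdown library the same ordering applies: keep the raw text in the database, and at output either escape before rendering (if the library supports a safe mode) or run an HTML sanitizer over the rendered result.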