i am currently working on making my site injection proof and was wondering about the validations i am making, my code goes like this:
if(!empty($_POST['city']) && !empty($_POST['street'])){
$city = htmlentities(mysql_real_escape_string($_POST['city']));
$street = htmlentities(mysql_real_escape_string($_POST['street']));
}
my question is isnt the empty check itself is a vulnerability? i mean do i have to escape string in the !empty validation as well? or it is safe to keep it that way? thanks.