I am using mysql_real_escape_string
to save content in my mySQL database. The content I save is HTML through a form. I delete and re-upload the PHP file that writes in DB when I need it.
To display correctly my HTML input I use stripslashes()
In other case, when I insert it without mysql_real_escape_string
, I do not use stripslashes()
on the output.
What is your opinion? Does stripslashes
affect performance badly ?