I need help understanding the proper sequence of filtering data when sending user inputted comments through ajax.
My input textarea data is filtered like so
$comment = htmlentities(addslashes($_POST['comment']));
And I input that into the database. I need it to simply be safe text that displays symbosl. Now I need to show this content to a member with all the slashes they put in, in their comment.
I don't want to see
The comment\'s not so pleasant to read.
I don't know how to google this question.. or formulate the sentence. I wish to be able to return a nicely formatted comment using ajax aswell. Can anyone point me in the right direction? I just wish not to be hacked :x
