This question already has an answer here:
- How can I prevent SQL injection in PHP? 28 answers
I am using mysql_real_escape_string and strip_tags as follows:
strip_tags(mysql_real_escape_string($postvariable));
I just want to know if this makes sense. Will strip_tags still work, aka remove tags and html tags after the string has been filtered by mysql_real_escape_string ?
</div>