This is the function I currently use (from a PHP book I bought):
    // Trim surrounding whitespace, then escape the value for this MySQL connection.
    function escape($data) {
        return mysql_real_escape_string(trim($data), $this->linkid);
    }
But I feel like it could be safer. For example, maybe use htmlspecialchars. It always makes me paranoid. I've read that mysql_real_escape_string is bad and never to use it, but then I've also read it's the best way. There is lots of confusion regarding data sanitizing when inserting data into the database.
So how do you do it? And what are the pros and cons of the way you do it?