In PHP when submitting strings to the database should I take care of illegal characters using htmlspecialchars() or use a regular expression?

说谎 2020-11-22 03:18

I am working on a form with the possibility for the user to use illegal/special characters in the string that is to be submitted to the database. I want to escape/negate thes

6 answers
  •  天涯浪人
    2020-11-22 03:57

    You haven't stated what these illegal characters may be but you should definitely be using the database API's supplied mechanism to escape data. For instance, if you're using MySQL, use PDO parameterized SQL statements.
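An added example (not part of the original answer) of the parameterized PDO approach the answer recommends. It assumes an in-memory SQLite database in place of MySQL so it runs offline, and a hypothetical `comments` table with constructed sample input; `htmlspecialchars()` appears only where the stored value is written into HTML, not on the way into the database.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for MySQL so the example runs offline.
// With MySQL only the DSN and credentials change; prepare()/execute() are the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulated prepares so the server binds values:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Hypothetical table used only for this example.
$pdo->exec('CREATE TABLE comments (
    id     INTEGER PRIMARY KEY,
    author TEXT NOT NULL,
    body   TEXT NOT NULL
)');

// Constructed sample input with characters that are special in SQL and in HTML.
$samples = [
    ["O'Brien", 'It\'s "quoted"; -- not a comment'],
    ['ann',     '<b>bold</b> & 100% \\ back_slash'],
];

// Placeholders keep the SQL text constant; the values travel separately as data,
// so no character in them needs stripping or manual escaping.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
foreach ($samples as [$author, $body]) {
    $insert->execute([':author' => $author, ':body' => $body]);
}

// Reads use bound parameters too, including values that contain quotes.
$select = $pdo->prepare('SELECT body FROM comments WHERE author = :author');
$select->execute([':author' => "O'Brien"]);
$stored = $select->fetchColumn();

// The database holds the text exactly as submitted.
if ($stored !== $samples[0][1]) {
    throw new RuntimeException('stored value differs from submitted value');
}

// Encoding for HTML happens at output time, for the HTML context only.
echo '<p>', htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</p>', PHP_EOL;
```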
