Correct PHP method to store special chars in MySQL DB

Question

Using PHP, what is the best way to store special characters (like the following) in a MSQUL database, to avoid injections.

« \" \' é à ù

Th

Answer 1

Use utf8 encoding to store these values.

To avoid injections use mysql_real_escape_string() (or prepared statements).

To protect from XSS use htmlspecialchars.