Do I use the htmlentities() function when submitting the title to the DB and then just pull that right from the DB to display it? Or vice versa?
There isn’t a cut-and-dry answer for that. For example, if you apply htmlentities to the post when you save it, then it will be impossible (or, at the very least, difficult and uncertain) to make a plain text version of the content (e.g., for an RSS reader, or to provide the content in JSON format).
In general, I save content in its original format, and apply htmlentities only when I’m ready to display it.
Actually, in most situations, I use htmlspecialchars instead. But in this situation, that doesn’t have any impact on how or why it is used, and the flag options and defaults are identical.
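
The trade-off described in the answer above, as an added example that is not part of the original post: the same title stored raw versus stored already escaped, then rendered as HTML, JSON and plain text. The sample title, the e() helper and the array names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input: a post title as a user might submit it.
$submitted = 'Tom & Jerry: "<b>best</b>" episodes';

// Hypothetical helper: escape for an HTML context, applied at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Option A: store the title exactly as submitted, encode per output format.
$storedRaw = $submitted;
$optionA = [
    'html' => '<h1>' . e($storedRaw) . '</h1>',
    'json' => json_encode(['title' => $storedRaw], JSON_THROW_ON_ERROR),
    'text' => $storedRaw,
];

// Option B: escape when saving. The stored value is now HTML-specific.
$storedEscaped = e($submitted);
$optionB = [
    // Correct only if every template knows this column is pre-escaped.
    'html' => '<h1>' . $storedEscaped . '</h1>',
    // A template that escapes by habit shows "&amp;" literally to the reader.
    'html_escaped_again' => '<h1>' . e($storedEscaped) . '</h1>',
    // HTML entities leak into the API response.
    'json' => json_encode(['title' => $storedEscaped], JSON_THROW_ON_ERROR),
    // Plain text has to be recovered by decoding, which assumes the
    // save-time flags are known and were applied exactly once.
    'text' => html_entity_decode($storedEscaped, ENT_QUOTES, 'UTF-8'),
];

foreach (['A (store raw)' => $optionA, 'B (store escaped)' => $optionB] as $label => $views) {
    echo "Option $label\n";
    foreach ($views as $format => $output) {
        echo sprintf("  %-20s %s\n", $format, $output);
    }
}
```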