So, members of my website can post topics, replies, comments, edit them and so on. I always use htmlspecialchars and addslashes for HTML inputs to
You should use mysql_real_escape_string() for SQL, not addslashes. (Assuming you are using MySQL.)
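An added example, not code from the thread, showing the two contexts handled separately: the database layer makes values safe for SQL when storing, and htmlspecialchars is applied when writing into the page. Because mysql_real_escape_string() needs a live MySQL connection and the mysql_* extension was removed in PHP 7, this sketch swaps in PDO prepared statements against in-memory SQLite. The table, column and helper names and the sample post are constructed, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example: schema, helper names and sample input are constructed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed member input containing both SQL and HTML metacharacters.
$author = "O'Brien";
$body   = 'Is 1 < 2? <script>alert("hi")</script> It\'s "quoted".';

// SQL context: bind values as parameters so they never become query text.
function save_post(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $db->lastInsertId();
}

// HTML context: encode when writing into the page, not when storing.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_post(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT author, body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>Post not found.</p>';
    }
    return '<article><h3>' . h($row['author']) . '</h3><p>' . h($row['body']) . '</p></article>';
}

$id = save_post($db, $author, $body);

// Compare the stored text with what the member typed (matters for the edit form).
$stored = $db->query('SELECT body FROM posts')->fetchColumn();
var_dump($stored === $body);

// Rendered output: markup characters from the post arrive as entities.
echo render_post($db, $id), PHP_EOL;

// For comparison: the text that would be stored if both functions ran on input.
echo addslashes(htmlspecialchars($body)), PHP_EOL;
```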