So, members of my website can post topics, replies, comments, edit them and so on. I always use htmlspecialchars and addslashes for html inputs to
When inserting data into the database, use prepared statements. PDO is better than mysql_real_escape_string.
When displaying data, such as comments or posts, use htmlentities.
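How the answer's two points fit together in PHP, as an added example that is not part of the original post: the comment is stored unmodified through a PDO prepared statement and escaped only when rendered. The DSN, credentials, and the `comments` table with columns `topic_id`, `author`, `body` are assumptions.

```php
<?php
// Added example (not from the original question or answer): store a user
// comment with a PDO prepared statement, then escape it only when rendering.
// The DSN, credentials, table name and column names below are assumed.

function connect(): PDO
{
    // Use real server-side prepared statements so values never become part of the SQL text.
    $pdo = new PDO('mysql:host=localhost;dbname=forum;charset=utf8mb4', 'user', 'secret');
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

function saveComment(PDO $pdo, int $topicId, string $author, string $body): void
{
    // Store the raw text. No addslashes/htmlspecialchars at input time: escaping
    // belongs to the output context, and the placeholders keep the value out of the query.
    $stmt = $pdo->prepare(
        'INSERT INTO comments (topic_id, author, body) VALUES (:topic_id, :author, :body)'
    );
    $stmt->execute([
        ':topic_id' => $topicId,
        ':author'   => $author,
        ':body'     => $body,
    ]);
}

function renderComments(PDO $pdo, int $topicId): string
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE topic_id = :topic_id');
    $stmt->execute([':topic_id' => $topicId]);

    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Escape at display time, for the HTML context, with an explicit charset.
        $author = htmlentities($row['author'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $body   = htmlentities($row['body'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $html  .= "<div class=\"comment\"><b>{$author}</b>: {$body}</div>\n";
    }
    return $html;
}

// Constructed sample input containing quotes, angle brackets and an ampersand.
$pdo = connect();
saveComment($pdo, 42, 'alice', 'I <3 "prepared" statements & O\'Reilly books');
echo renderComments($pdo, 42);
```

Because the stored text is never altered, the same row can later be rendered safely in a non-HTML context (JSON, plain-text e-mail) with that context's own escaping instead of carrying HTML entities around.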