Validating user input?

Question

I am very confused over something and was wondering if someone could explain.

In PHP i validate user input so htmlentitiies, mysql_real_escape_string is used before

Answer 1

There's no reason to worry about having malicious JavaScript code in the database if you're escaping the HTML when it comes out. Just make sure you always do escape anything that comes out of the DB.