I've set myself a little project of creating a secure, efficient forum using PHP - I don't plan to release it or anything, it's more to keep what I know about PHP fresh in my head as well as learn more 
However I have forgotten a little as I haven't coded in a while
Am I right in saying I should be using mysql_real_escape_string (I'll be using robmiller's quote_smart function for this) for data going into the database?
So for example when a user is entering something into a form I'd process his/her entry through htmlentities() - e.g. htmlentities($_POST['data'], ENT_QUOTES); along with quote_smart() in the query?
Then for reading from the database I'd just use quote_smart() in the query?
Thanks,
Craig.
However I have forgotten a little as I haven't coded in a while
Am I right in saying I should be using mysql_real_escape_string (I'll be using robmiller's quote_smart function for this) for data going into the database?
So for example when a user is entering something into a form I'd process his/her entry through htmlentities() - e.g. htmlentities($_POST['data'], ENT_QUOTES); along with quote_smart() in the query?
Then for reading from the database I'd just use quote_smart() in the query?
Thanks,
Craig.