If you use htmlspecialchars() when receiving input from the user, like:
$email = htmlspecialchars($_POST['email']);
Should you use a prepared statement if the query is just a SELECT one?