Whenever I input into the database I use the strip_tags function, and whenever I output information I use htmlspecialchars. That said, if I introduce into the database something like:
Hello, Mr. John. "Come on.."
The output is:
Hello, Mr. John. \"Come on..\"
How can I avoid this?
When using htmlspecialchars on your output, the result you get is \"Come on..\" unless ENT_NOQUOTES is set.
To get the original string Hello, Mr. John. "Come on.." you have to use
$result = htmlspecialchars_decode( stripslashes($raw) );
or
$result = htmlspecialchars(stripslashes($raw), ENT_NOQUOTES);
when you're calling htmlspecialchars.
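
An added example (not code from the question or the answer) that stores the question's string two ways and prints what comes back, to show at which step the backslashes enter the data. It assumes the backslashes are added by an escaping step before the insert, which the question does not show (addslashes stands in for it here), and it uses PDO with an in-memory SQLite table named comments, a constructed name.

```php
<?php
// Added example: constructed input, in-memory SQLite (assumes the pdo_sqlite extension).
$input = 'Hello, Mr. John. "Come on.."';   // the string from the question

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');

// Row 1: escaped by hand and then bound as a parameter. addslashes() is an
// assumption standing in for magic quotes or any manual escaping step; the
// backslashes it adds are stored as part of the data.
$insert->execute([':body' => addslashes(strip_tags($input))]);

// Row 2: bound as a parameter only. The driver keeps data apart from the SQL
// text, so no escaping is needed and nothing extra is stored.
$insert->execute([':body' => strip_tags($input)]);

foreach ($db->query('SELECT id, body FROM comments ORDER BY id') as $row) {
    // Encode once, at output time, for the HTML context.
    $html = htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8');
    printf("row %d stored: %s\n", $row['id'], $row['body']);
    printf("row %d html:   %s\n", $row['id'], $html);
}
```

Comparing the stored value with the encoded value for each row shows whether the backslashes were already in the database before htmlspecialchars ran.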