I am unsure which one to use in this situation???
$query1 = "SELECT * FROM messages WHERE
messages.custid='".htmlspecialchars($_SESSION['customerid'])."'
ORDER BY messages.id LIMIT $start, $limit ";
I am unsure which one to use in this situation???
$query1 = "SELECT * FROM messages WHERE
messages.custid='".htmlspecialchars($_SESSION['customerid'])."'
ORDER BY messages.id LIMIT $start, $limit ";
use mysql_real_escape_string .. But really, don't do that
instead, install Pear's PDO library, then use a prepared statement for your query
mysql_real_escape_string() is made especialy for Mysql Tables, as the name indicates ;-)