As a convention I’ll make sure any PHP string used as a field value in a database query only has characters having code points below
128. Also, by convention, I will define all database string fields to be
UTF-8. The place where I will be conducting the validation will be after a new string is received from a source outside my code.
The following function for adding slashes is to be used instead of
addslashes() — partly because it is aware of the encoding of the characters in the string:
Read up on this function elsewhere before using it.