My question is, which is the best way to make a form input "sticky" using both stripslashes and htmlspecialchars, namely what is the proper order of the two:
<input type="text" name="firstName" size="30" maxlength="30" value="'; if(isset($_POST['firstName'])) echo stripslashes(htmlspecialchars($_POST['firstName'], ENT_QUOTES)); echo '" />
-or-
<input type="text" name="firstName" size="30" maxlength="30" value="'; if(isset($_POST['firstName'])) echo htmlspecialchars(stripslashes($_POST['firstName']), ENT_QUOTES); echo '" />
They both yield the same results when using a value such as O'Schmalley McGee
<input type="text" name="firstName" size="30" maxlength="30" value="O'Schmalley McGee" />
But which one is technically "better?"
Thank you in advance and God Bless Larry Ullman for being a fantastic author!