For example if i use $id= $_GET[‘id’]; and then i use that $id as

Question

0

Asked: June 6, 20262026-06-06T22:23:29+00:00 2026-06-06T22:23:29+00:00

For example if i use $id= $_GET[‘id’]; and then i use that $id as

0

For example if i use $id= $_GET['id']; and then i use that $id as a condition for an if statement, do i have to use htmlspecialchars on $id?

e.g.

$id = htmlspecialchars($_GET['id']);

if($id) {
//code
}

Is htmlspecialchars needed, even though no html is being output?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-06T22:23:30+00:00

Editorial Team

2026-06-06T22:23:30+00:00Added an answer on June 6, 2026 at 10:23 pm

No. You only need to HTML-escape data if you are outputting it into an HTML context, and the data may contain characters which have a special meaning in HTML (e.g. <, >, ") and you do not want those characters to break your HTML structure.

Also see The Great Escapism (Or: What You Need To Know To Work With Text Within Text).

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

For example if i use $id= $_GET[‘id’]; and then i use that $id as

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply