Home/ Questions/Q 8241951
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T21:00:29+00:00

I have a custom forum in which I employ htmlentities so users aren’t able

  • 0

I have a custom forum in which I employ htmlentities so users aren’t able to post malicious code(html/js). Anyway, as I am pulling posts from the database, I use str_replace in order to show certain html elements <, >, &, etc.. is there any harm in doing this? Will it cause side effects/html to render?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    1. User posts data
    2. Data is escaped for mysql, written to DB
    3. User makes request for data
    4. Data is encoded for display (aggressively with htmlentities or htmlspecialchars, or some subset of allowed characters. You could do this with str_replace, but there are better utilities).
    • 0