Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have an admin section within my site where items can be stored. Once they are stored, they are displayed on the front end. Part of my display involves code like the following:
echo "<p>".$rose['description']."</p>";
Does this need to have htmlspecialchars included into it to protect from xss at a low level?
Yes of course, you should always santize user input before outputting it back to prevent XSS attacks. remember that you should sanitize user input before outputting it and not before saving it to the db, because you don’t always need to output html