I was wondering if converting POST input from an HTML form into HTML entities (via the PHP function htmlentities(), or using the FILTER_SANITIZE_SPECIAL_CHARS constant in tandem with the filter_input() PHP function) will help defend against any attacks where a user attempts to insert any JavaScript code inside the form field, or if there’s any other PHP-based function or tactic I should employ to create a safe HTML form experience?
Sorry for the loaded run-on sentence question but that’s the best I could word it in a hurry.
Any responses would be greatly appreciated and thanks to all in advance.
racl101
It would turn the following:
into
So if you’re printing out this data into HTML later, you would be protected. It wouldn’t protect you from:
just in case you were echoing into a script like so:
For this purpose, you should use addslashes() and a database string escaping method like mysql_real_escape_string().
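Context-dependent escaping, as an added example that is not code from the thread: the same constructed field value rendered once in the HTML body and once inside a script element. For the script case it uses json_encode() with the JSON_HEX_* flags as an alternative to the addslashes() approach the answer mentions; the function names and the sample value are assumptions.

```php
<?php
// Added example (not from the original thread): one untrusted value,
// two output contexts, two different escaping rules.
declare(strict_types=1);

// Constructed sample input resembling what a form field could carry.
$untrusted = "O'Neil <b>bold</b> \"quoted\"";

// HTML body/attribute context: htmlspecialchars() with ENT_QUOTES so both
// quote styles are encoded (ENT_QUOTES became the default only in PHP 8.1).
function renderHtml(string $value): string
{
    return '<p>' . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// FILTER_SANITIZE_SPECIAL_CHARS, as asked about in the question, applies the
// equivalent encoding while reading a POST field (null if absent or empty).
function readPostField(string $name): ?string
{
    return filter_input(INPUT_POST, $name, FILTER_SANITIZE_SPECIAL_CHARS) ?: null;
}

// Inline-script context: HTML entities are not decoded inside <script>, so
// entity encoding does not help there. The value is emitted as a JSON string
// literal instead; the JSON_HEX_* flags turn < > & ' " into \uXXXX escapes,
// so the literal can neither close the string nor the script element.
function renderScript(string $value): string
{
    $literal = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
    return '<script>var userName = ' . $literal . ';</script>';
}

echo renderHtml($untrusted), PHP_EOL;
echo renderScript($untrusted), PHP_EOL;
```

The first line of output keeps the markup inert as text; the second carries the value into JavaScript as data only, which is the distinction the answer draws between echoing into HTML and echoing into a script.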