I was wondering if converting POST input from an HTML form into html entities,

Question

0

Asked: May 14, 20262026-05-14T05:38:59+00:00 2026-05-14T05:38:59+00:00

I was wondering if converting POST input from an HTML form into html entities,

0

I was wondering if converting POST input from an HTML form into html entities, (via the PHP function htmlentities() or using the FILTER_SANITIZE_SPECIAL_CHARS constant in tandem with the filter_input() PHP function ), will help defend against any attacks where a user attempts to insert any JavaScript code inside the form field or if there’s any other PHP based function or tactic I should employ to create a safe HTML form experience?

Sorry for the loaded run-on sentence question but that’s the best I could word it in a hurry.

Any responses would be greatly appreciated and thanks to all in advance.

racl101

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-14T05:39:00+00:00

It would turn the following:

<script>alert("Muhahaha");</script>

into

&lt;script&gt;alert("Muhahaha");&lt;/script&gt;

So if you’re printing out this data into HTML later, you would be protected. It wouldn’t protect you from:

"; alert("Muhahaha");

just in case you were echoing into a script like so:

var t = "Hello there <?php echo $str;?>";

For this purpose, you should use addslashes() and a database string escaping method like mysql_real_escape_string().

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I was wondering if converting POST input from an HTML form into html entities,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply