im relatively new to php and was hoping you could help me understand why

Question

0

Asked: June 5, 20262026-06-05T00:11:51+00:00 2026-06-05T00:11:51+00:00

im relatively new to php and was hoping you could help me understand why

0

im relatively new to php and was hoping you could help me understand why you should sanitize html when ‘echo’ing , specially if data is from cookie..

i.e instead of

<h3>Hello, <?php echo $_COOKIE['user']; ?>!</h3>

you should do

<h3>Hello, <?php echo htmlspecialchars($_COOKIE['user']); ?>!</h3>

this is what i understand.

cookies are stored on client side, hence are a security risk since the data in them can be manipulated/changed by evil users (lol @ evil) .

but since the cookie is stored on client side, it means a client can only change his own cookie, which means if he adds some kind of malicious code to $_COOKIE[‘user’] , when the cookie does run, the malicious code will only be shown to one user (who changed the cookie in the first place) and no one else!? so whats the problem?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-05T00:11:52+00:00

Editorial Team

2026-06-05T00:11:52+00:00Added an answer on June 5, 2026 at 12:11 am

You’re assuming that the user changed his own cookie. Cookies can be changed by a third-party (Edit: Using additional software. Third-party websites cannot change the cookie directly). This would enable someone to inject malicious code into the user’s browser, changing their user experience and potentially posing an additional security risk for your code.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

im relatively new to php and was hoping you could help me understand why

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply