In a registration procedure, after a user has successfully registered, I need to output the information the user entered, such as user name, password, security question, etc., back to a welcome page.
My question is: what good practice should I follow in order to output the user-entered info on a page?
For example,
echo htmlentities($user_name);
echo htmlentities($user_password);
echo htmlentities($user_secrete_answer);
Thank you
Using `htmlentities` is fine to prevent attacks where HTML is injected (like XSS); in fact, you could even use just `htmlspecialchars`, which suffices to encode the special characters of HTML (remember to set the `quote_style` parameter to `ENT_QUOTES` if you want to insert the data into an HTML attribute value wrapped in single quotes).

But you should not print every piece of data that is sent to your application. The password is a datum that should not be returned to the user in any way, to prevent a disclosure of this information:
Furthermore, the password should never be stored in plain text but only as a hash, if possible using an additional salt.
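An added example (not code from the question or the answer above) that puts the advice together: escape each displayed value for the HTML context it lands in, including the single-quoted attribute case, leave the password out of the welcome page entirely, and store it only as a salted hash via PHP's `password_hash()`. The function names `h`, `renderWelcome` and `storePassword` and the array keys are assumptions.

```php
<?php
// Added example, not from the original post. Function names and array keys
// are assumptions; the sample registration data below is constructed.

function h(string $value): string {
    // ENT_QUOTES also converts single quotes, so the result is safe inside
    // both "..." and '...' attribute values; ENT_SUBSTITUTE avoids returning
    // an empty string on invalid UTF-8. (PHP before 8.1 did not include
    // ENT_QUOTES in the default flags, so pass them explicitly.)
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderWelcome(array $user): string {
    // Only the fields the user needs to see are rendered; the password is
    // deliberately never part of the output, whatever the array contains.
    return '<h1>Welcome, ' . h($user['user_name']) . "</h1>\n"
         . "<input type='text' name='user_name' value='" . h($user['user_name']) . "'>\n"
         . '<p>Your security question: ' . h($user['security_question']) . "</p>\n";
}

function storePassword(string $plain): string {
    // Persist only a salted hash; password_hash() generates the salt itself
    // and embeds it in the returned string for password_verify() to use.
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Constructed sample input containing characters that would break out of an
// HTML element or a single-quoted attribute if echoed unescaped.
$registered = [
    'user_name'         => "O'Brien <script>alert(1)</script>",
    'user_password'     => 'correct horse battery staple',
    'security_question' => "First pet's name?",
];

echo renderWelcome($registered);

$hash = storePassword($registered['user_password']);
// The plain-text password is verified against the stored hash and then
// discarded; it is never written to the page or stored as-is.
var_dump(password_verify($registered['user_password'], $hash));
```

In the rendered output the user name appears as `O&apos;Brien &lt;script&gt;alert(1)&lt;/script&gt;`, so the script tag is shown as text and the single quote cannot terminate the attribute value.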