Is this code secure enough to prevent XSS attacks?
<?php
$string = "<b>hello world!</b>";
echo "without filtering:" . $string;   // raw markup reaches the browser unescaped
echo "<br>";
// ENT_QUOTES also escapes single quotes, so the value is safe inside attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
$filtered = htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); // insert into database filtered
echo "After filtering:" . $filtered;
echo "<br>";
$de_filtering = htmlspecialchars_decode($filtered, ENT_QUOTES); // retrieve from database and display
echo "After de-filtering:" . $de_filtering; // the original markup is back, unescaped
?>
You should not encode HTML special chars when inserting into the database; that way the data is manipulated (and maybe different when editing the dataset). You should rather encode them when displaying it.

But yes, htmlspecialchars() is enough to prevent XSS as long as you don't forget to use it. The way YOU use it, however, is as secure as before. XSS is prevented through the encoded version; the database does not care about it.
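An added example (not code from the question or the answer) of the approach the answer recommends: keep the stored value raw and escape at the template boundary, using ENT_QUOTES so the same helper is safe in attribute values as well; the helper name `e()` and the sample string are constructed for this illustration.

```php
<?php
declare(strict_types=1);

// Output-encoding helper for HTML body text and quoted attribute values.
// ENT_QUOTES encodes both " and ' (the default in PHP < 8.1 left ' alone),
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample of what the database holds: the user's input, unchanged.
$stored = "<b>hello world!</b> with \"double\" and 'single' quotes";

// Render time is the only place encoding happens, once per output context.
echo '<p>' . e($stored) . '</p>';
echo '<input type="text" value="' . e($stored) . '">';

// Why "filter on insert, decode on display" gives no protection: the round
// trip restores the original byte for byte, so the browser gets raw markup.
assert(htmlspecialchars_decode(e($stored), ENT_QUOTES) === $stored);
```

Editing a stored record then works on the original text, and every template that prints it is protected by the same helper.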