Home/ Questions/Q 7715289
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T02:20:51+00:00

It’s a well covered topic, but I’d like to get some confirmation on methods

  • 0

It’s a well covered topic, but I’d like to get some confirmation on methods of using data from user variables, in a few different situations.

  1. The variable is never used in a database, never stored, only displayed on screen for the user. Which function to use to make sure no html or javascript can screw things up?

  2. The variable is taken into the database, and used in SQL queries.

  3. The variable does both.

At the moment I xss_clean, and strip_tags. I’ve always done this, just by autopilot. Is there a better technique? Apologies if there’s an identical question out there. I kinda assume there is, although I couldn’t find one as thorough as this.

Cheers.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    1. Use the appropriate function while outputting, in HTML context, this is htmlspecialchars
    2. Use prepared statements
    3. See 1. and 2. – depending on whether you are displaying the variable or you are using it in a query.
    • 0