should i use php’s htmentities() with pdo to filter input and output escapeing, to protect from xss attack ?
should i use php’s htmentities() with pdo to filter input and output escapeing, to
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
should i use php’s htmentities() with pdo to filter input and output escapeing, to protect from xss attack ?
Use
htmlentities(or preferablyhtmlspecialchars) when outputting user supplied content in an HTML context (i.e. when displaying it on your website). Don’t HTML escape values that go into the database, since there’s no XSS vulnerability there and you usually want to store the raw data in the database and escape it later as necessary.