So, we all know that if a user enters something into an input and we put it into the database, we have to make it safe (use mysql_escape_string and so on).
But when we add a user's input to a file, do we need to protect it as well (besides htmlspecialchars)?
Thank you.
That highly depends on what happens to the data afterwards. You don't need to escape it (as there is no such thing as "file injection"), but you should be careful when printing the content back to the browser (strip_tags and/or htmlspecialchars).
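The approach from the answer above, as an added example that is not part of the original thread: the input is written to the file as entered, and htmlspecialchars is applied only when the content is printed back to the browser. The function names, the temporary file and the one-JSON-record-per-line storage format are assumptions made for this illustration.

```php
<?php
// Added example; helper names and the JSON-lines file format are assumptions.

// Store the input as entered. json_encode() keeps one record per line,
// because a newline in the text is written as the two characters \n.
function save_comment(string $file, string $author, string $text): void
{
    $line = json_encode(['author' => $author, 'text' => $text], JSON_THROW_ON_ERROR);
    file_put_contents($file, $line . "\n", FILE_APPEND | LOCK_EX);
}

// Read the records back unchanged; skip lines that do not decode to the expected shape.
function load_comments(string $file): array
{
    $comments = [];
    foreach (file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [] as $line) {
        $row = json_decode($line, true);
        if (is_array($row) && is_string($row['author'] ?? null) && is_string($row['text'] ?? null)) {
            $comments[] = $row;
        }
    }
    return $comments;
}

// Encode for the HTML context only at the moment of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comments(array $comments): string
{
    $html = '';
    foreach ($comments as $c) {
        // Escape first, then turn line breaks into <br> tags.
        $html .= '<p><strong>' . h($c['author']) . '</strong>: ' . nl2br(h($c['text'])) . "</p>\n";
    }
    return $html;
}

// Constructed sample input containing markup, quotes and a line break.
$file = tempnam(sys_get_temp_dir(), 'cmt');
save_comment($file, 'alice', "<script>alert(1)</script>\nsecond line");
save_comment($file, 'bob "the" <b>builder</b>', 'plain text');
echo render_comments(load_comments($file));
unlink($file);
```

Keeping the stored text unencoded means the same file can later feed a different output context (plain-text e-mail, JSON API) with the encoding that context needs.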