Well, I know that correct escaping will help to prevent SQL injection. But I

Question

0

Editorial Team

Asked: June 5, 20262026-06-05T21:21:15+00:00 2026-06-05T21:21:15+00:00

Well, I know that correct escaping will help to prevent SQL injection. But I

0

Well, I know that “correct” escaping will help to prevent SQL injection.

But I saw people escaping values in HTML

<input type="text" value =/"some/" /> <!-- some escaped, why? -->

Question is:
Why to escape in HTML?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-05T21:21:18+00:00

<input type="text" value =/"some/" /> 

That is a syntax error. Don’t do that.

Use character references to represent special characters (&, <, etc).

Why to escape in HTML?

(Assuming you use the correct syntax to do so): because some characters have special meaning in HTML. For example, you don’t want a " (in the data) ending your attribute value prematurely since that can:

Lose data
Lose data but have it display in the page
Allow third parties to inject their JavaScript into your pages and steal data / redirect people to phishing sites / etc

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Well, I know that correct escaping will help to prevent SQL injection. But I

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply