When outputting user input, do you only use htmlspecialchars() or are there other functions/actions/methods you also run? I’m looking for something that will also deal with XSS.
I’m wondering if I should write a function that escapes user input on output or just use htmlspecialchars(). I’m looking for the generic cases, not the specific cases that can be dealt with individually.
I usually use
on input fields. I created a method that does this because I use that a lot and it makes the code shorter and more readable.
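As an added illustration of the "generic case" the question asks about (this is example code, not code from either post), the helpers below wrap htmlspecialchars() with explicit flags and pair it with separate encoders for the two contexts it does not cover, inline JavaScript and URL query components. The helper names e(), eJs() and eUrl(), and the sample input, are assumptions made for this example; it assumes PHP 7.3 or later for JSON_THROW_ON_ERROR.

```php
<?php
declare(strict_types=1);

// Added example, not from the original question or answer.
// Helper names e(), eJs() and eUrl() are assumptions for illustration.

// HTML text node or double-quoted attribute value.
// ENT_QUOTES escapes both quote characters (PHP before 8.1 defaults to
// ENT_COMPAT, which leaves single quotes alone); ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning '' and silently dropping the output;
// naming the charset explicitly avoids depending on default_charset.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Value placed inside inline JavaScript. htmlspecialchars() is the wrong
// encoder for this context; json_encode() with the HEX flags produces a JS
// literal whose text contains no raw "<", ">", "&" or quote characters, so
// it can neither close the <script> block nor break out of the string.
function eJs($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Value placed in a URL query component (not the whole URL).
function eUrl(string $value): string
{
    return rawurlencode($value);
}

// Constructed sample input containing characters that matter in each context.
$input = '<script>alert("x")</script> Tom & Jerry\'s';

// HTML body and attribute: one encoder serves both when the attribute is quoted.
echo '<p>' . e($input) . "</p>\n";
echo '<input value="' . e($input) . "\">\n";

// Inline script: JSON-encode, do not htmlspecialchars() here.
echo '<script>var name = ' . eJs($input) . ";</script>\n";

// Query parameter inside an href: URL-encode for the query string, then
// HTML-encode because the href is still an HTML attribute.
echo '<a href="/search?q=' . e(eUrl($input)) . "\">link</a>\n";
```

The point the example makes is that the escaping function must match the place in the document where the value lands: htmlspecialchars() is correct for HTML text and quoted attributes, while script and URL contexts each need their own encoder, applied at output time rather than when the data is read from the form.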