Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Prevent XSS attacks using htmlspecialchars and htmlentities. Full video tutorial here: http://youtu.be/pc0V9hJpE54
<?php
function _e($string) {
echo htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
//echo htmlentities($string, ENT_QUOTES, 'UTF-8');
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Escape Output</title>
</head>
<body>
<?php _e('This is a problem: <script>alert("Yikes");</script>'); ?>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.