The proper way to make safe

The proper way to make untrusted user input safe when printing data is to use htmlspecialchars().

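<?php
// Untrusted input taken straight from the query string; default to '' when absent.
$unsafe_username = $_GET['username'] ?? '';
// Escape &, <, >, " and ' before writing the value into the HTML response.
echo 'hello ' . htmlspecialchars($unsafe_username, ENT_QUOTES, 'UTF-8');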
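
An added example, not from the original post: it runs the post's htmlspecialchars() call over constructed inputs next to ENT_COMPAT, to show what ENT_QUOTES changes. It goes slightly beyond the post by adding ENT_SUBSTITUTE in a hypothetical helper named esc(), so invalid UTF-8 does not collapse to an empty string.

```php
<?php
declare(strict_types=1);

// Added example; esc() is a hypothetical helper name, not part of the post.
function esc(string $value): string
{
    // ENT_QUOTES escapes both " and '. ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences with U+FFFD; without it htmlspecialchars() returns ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for $_GET['username'].
$samples = [
    'markup'       => 'Tom & <b>Jerry</b>',
    'single quote' => "O'Brien",
    'double quote' => 'say "hi"',
    'bad UTF-8'    => "caf\xE9", // ISO-8859-1 byte, not valid UTF-8
];

foreach ($samples as $label => $raw) {
    printf("%s\n", $label);
    // The call exactly as the post writes it.
    printf("  ENT_QUOTES (post's call): %s\n", htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
    // ENT_COMPAT leaves ' untouched, which matters inside '...' attributes.
    printf("  ENT_COMPAT:               %s\n", htmlspecialchars($raw, ENT_COMPAT, 'UTF-8'));
    // Helper with ENT_SUBSTITUTE: the bad byte becomes U+FFFD instead of ''.
    printf("  esc():                    %s\n", esc($raw));
}

// Same escaping used for a quoted attribute value and for element text.
$name = $samples['single quote'];
echo "<input name='username' value='" . esc($name) . "'>\n";
echo '<p>hello ' . esc($name) . "</p>\n";
```

This escaping covers HTML text and quoted attribute values; a value placed inside a script block or used as a whole URL needs encoding for that context instead.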