David 10K
Reputation: 303
What characters should be replaced to avoid HTML being output?
I have some user input in a website, and I don't want to allow HTML when outputting that input with PHP later.
I think that the only dangerous characters are <, >, /(slash) and \ (backslash).
Am I right?
So, for example, if I replace < with < will it be enough to prevent HTML being output?
Upvotes: 3
Views: 165
Answers (1)
PeeHaa
Reputation: 72739
Simply use the builtin function htmlspecialchars() and you will be good. Just note that you should also always add the encoding argument.
And example is:
echo htmlspecialchars($unsafeString, ENT_QUOTES, 'UTF-8');
Upvotes: 10
Related Questions
- Echoing un-escaped HTML
- PHP Escaped special characters to html
- Escape certain html tags in a string
- Escape string with PHP and HTML
- PHP+HTML Syntax
- avoid html escape character in php
- Escaping html element in PHP string to prevent invalid output to browser?
- output html tags
- How should I escape?
- output code AS IS