0

I made an edit in my OpenCart code; however, after looking at a tutorial on foreach loops, many highlight the importance of using htmlspecialchars to prevent injections.

Do I need to use it on the following code?

<?php foreach ($totals as $total) { ?>]]>
    <?php if ($total['title'] == "First Class") { $total['text'] = "Delivery"; } ?>
    <?php if ($total['title'] == "48Hr Courier") { $total['text'] = "Delivery"; } ?>
    <?php if ($total['title'] == "24Hr Courier") { $total['text'] = "Delivery"; } ?>

I see real_escape_string is another security feature used.

flint781
  • 61
  • 1
  • 4
  • No, you don't. But I am basing that answer on a few informed assumptions I'm making about the context here. – But those new buttons though.. Feb 20 '16 at 17:39
  • You don't have to use `htmlspecialchars` in Opencart, as it runs every user input through `htmlspecialchars`, but only if you used Opencart's Request class to retrieve those inputs. To output actual HTML code, you have to un-escape the escaped HTML code using `htmlspecialchars_decode`. – Tibor B. Feb 24 '16 at 16:40
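Added example, not code from the question, the comments, or OpenCart itself: it takes the loop above, escapes what it prints, shows what an unescaped value does to the page, and reproduces the double-escaping that Tibor B.'s comment warns about. The $totals array is constructed, and the example assumes, as that comment states, that a value retrieved through OpenCart's Request class has already been passed through htmlspecialchars.

```php
<?php
// Added example, not OpenCart's own code. It shows (a) the question's loop
// with its output escaped, (b) what happens when an unescaped value reaches
// the template, and (c) the double-escaping that occurs when a value already
// escaped by OpenCart's Request class is escaped again at output.

// Constructed sample data, shaped like the $totals array the order-total
// controller hands to the template. The "Coupon" row stands in for a value
// that arrived unescaped, for instance read straight from $_GET.
$totals = [
    ['title' => 'Sub-Total',    'text' => '£10.00'],
    ['title' => '48Hr Courier', 'text' => '£5.00'],
    ['title' => 'Coupon',       'text' => '<i>FREE</i> 10% off'],
];

// Output escaping helper: quotes and angle brackets become entities.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderTotals(array $totals, bool $escape): string
{
    $rows = '';
    foreach ($totals as $total) {
        // Same relabelling as in the question's snippet
        if (in_array($total['title'], ['First Class', '48Hr Courier', '24Hr Courier'], true)) {
            $total['text'] = 'Delivery';
        }
        $title = $escape ? h($total['title']) : $total['title'];
        $text  = $escape ? h($total['text'])  : $total['text'];
        $rows .= "<tr><td>{$title}</td><td>{$text}</td></tr>\n";
    }
    return $rows;
}

echo "-- unescaped: the markup in the Coupon row becomes part of the page --\n";
echo renderTotals($totals, false);
echo "-- escaped once, at output --\n";
echo renderTotals($totals, true);

// Assumption from the comment above: a value read via OpenCart's Request
// class already went through htmlspecialchars. Escaping it again turns
// "&lt;" into "&amp;lt;", so the browser shows a literal "&lt;".
$fromRequest = h('<i>FREE</i>');   // stands in for $this->request->get[...]
echo "already escaped:    {$fromRequest}\n";
echo "escaped twice:      " . h($fromRequest) . "\n";
// To emit such stored markup as real HTML, decode it first (trusted markup only).
echo "decoded for output: " . htmlspecialchars_decode($fromRequest, ENT_QUOTES) . "\n";
```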

1 Answer

-1
 <search position="after"><![CDATA[<?php foreach ($totals as $total) { ?>]]></search>

This is not correct XML.... You can use the PHP library SimpleXML to create a valid XML file, and <![CDATA['sting '>o astea a'vyanmy'<>]]>: in this CDATA instruction, symbols are not interpreted as special chars.

Naumov
  • 1,167
  • 9
  • 22