Questions tagged [htmlspecialchars]

htmlspecialchars is a PHP function that converts special characters to HTML entities.

Famous question: htmlentities() vs. htmlspecialchars()

467 questions
2
votes
2 answers

array_walk_recursive can't work when I use function htmlspecialchars?

I use array_walk_recursive to apply htmlspecialchars on my array value, but it didn't work; htmlspecialchars works when I use it manually. Here is my code: $new[] = "Test
  • "; …
    Yuga
    • 125
    • 2
    • 9
  • 2
    votes
    3 answers

    How to display htmlspecialchars on the html?

    I've read here: https://stackoverflow.com/a/8932454/4301970 that htmlspecialchars() is very effective at preventing XSS attacks. I'm receiving formatted text from a WYSIWYG editor, for example:

    random425
    • 679
    • 1
    • 9
    • 20
    2
    votes
    1 answer

    What am I missing? SQL injection

    I'm trying to filter out as much as possible to prevent nasty SQL injection, here's my code example, is there anything I'm missing? $name = htmlspecialchars($row['name']); echo '
    '.$name.'
    '; in my html code ^ if(…
    DagicCross
    • 401
    • 3
    • 13
    2
    votes
    3 answers

    How to secure a form?

    I was reading an article about form security because I have a form in which a user can add messages. I read that it was best to use strip_tags(), htmlspecialchars() and nl2br(). Somewhere else it is being said to use html_entity_decode(). I have…
    AdRock
    • 2,959
    • 10
    • 66
    • 106
    2
    votes
    1 answer

    Htmlspecialchars does not work with variable passed

    I'm using htmlspecialchars to display Greek letters correctly in my html. For that reason I have: $array = array('sampleGreekString' => 'Ενδιαφερόμαστε για το φορτίο σας') When I call the function like this: htmlspecialchars('Ενδιαφερόμαστε για το…
    Isadora
    • 423
    • 1
    • 5
    • 12
    2
    votes
    2 answers

    use of htmlspecialchars()

    I am learning PHP and I came across htmlspecialchars(), which is used to prevent hacker attacks. How? I have read about it on Google, but did not understand it yet. Can you please give an example of how?
    StealthTrails
    • 2,281
    • 8
    • 43
    • 67
    2
    votes
    2 answers

    PHP: htmlspecialchars, but keep HTML entities

    I've been working on a small side project which formats Skype logs to make them look nice. This is going great, but I have hit a somewhat annoying bump in the road. Here is a great (and somewhat obscene) example of what is going on. As you can see,…
    mattrick
    • 3,580
    • 6
    • 27
    • 43
    2
    votes
    1 answer

    file_get_contents fail when a url have &

    I have a problem: I am trying to use file_get_contents(''); to request the contents of a URL, but PHP keeps adding amp; to every part of the URL that has an & symbol. The URL I am trying to request is like the one below …
    saveonsky
    • 51
    • 3
    2
    votes
    4 answers

    output data from database using htmlspecialchars() that has been filtered using filter_input()

    I have found from different blogs that it is strongly recommended to use htmlspecialchars() to output any data on screen to be safe from XSS Attack. I am using filter_input() to filter any data that comes from user before inserting into database.…
    Coder
    • 237
    • 4
    • 21
    2
    votes
    1 answer

    Why doesn't htmlspecialchars convert quotes inside an input value?

    I have the following code: where $row['nr_p_vac'] is test ' " / /n /t <>. When I'm not using htmlspecialchars in the input there's only test ' (of…
    Hello Lili
    • 1,527
    • 1
    • 25
    • 50
    2
    votes
    1 answer

    how can set substr for special chars?

    how can I substr a text that execute htmlspecialchars to it. saved in database some text " some text " some text ' some text ' some text 'some text' some text ' some text 'some text ' some text '…
    Simon
    • 147
    • 2
    • 10
    2
    votes
    2 answers

    htmlspecialchars(); don't work

    When I use "htmlspecialchars" in this code: w3s.com"); echo $test; ?> I want to see HTML entities, such as: "><script>alert - for example. But I see this: w3s.com And in browser HTML markup…
    hidd
    • 336
    • 3
    • 11
    2
    votes
    1 answer

    htmlentities not working on single quote

    I am trying to do a simple convert of single quote (') to html entity (') but can not figure out why this is not working. $test = "Bob's House"; echo htmlentities($test,ENT_QUOTES); echo htmlspecialchars($test,ENT_QUOTES); Both examples still…
    Stephen Croft
    • 801
    • 1
    • 8
    • 12
    2
    votes
    2 answers

    Apostrophe cause problems inserting query when using trim, stripslashes and htmlspecialchars

    When I use text with an apostrophe, the query doesn't work. Example: This is Ben's party. This is the function I use: function text_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); …
    user3328041
    2
    votes
    1 answer

    Why does htmlspecialchars work on 'PHP_SELF' and not on 'REQUEST_URI' on form post?

    I write http://www.mysite.com/form.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E on URL. Now I press enter and the URL is: http://www.mysite.com/form.php/"> Now I post the form. When using $_SERVER['PHP_SELF'],…
    Perocat
    • 1,481
    • 7
    • 25
    • 48