Larry Ullman's Book Forums

I'm Having Some Trouble Understanding Htmlentities(), Htmlspecialchars(), And Strip_Tags



In chapter 5 the book states, for security purposes, it's almost always a good idea to use the above functions with any user-provided data that's being printed to the browser. Besides textarea tags, does this also include input tags, radio button tags, select tags and checkbox tags as well? For example, a username text, a first and last name text box, or are these functions just for a textarea? 

My last question is, which one is the best to use, or should we use, and why? Thanks in advance for any replies, I'm really lost on this topic.


Sorry for the confusion! Yes, this should be used on *any* user-submitted data. Forms are very easy to manipulate and I could easily provide to your site any value whatsoever as my ZIP code or salutation. I'd always go with the most strict function you can get away with, which normally means strip_tags(). 

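An added example, not from the book or from either post above: it runs the three functions over the same submitted values so the differences are visible, then re-displays two of the values in a form. The field names, the sample values and the `e()` helper are assumptions made up for this illustration.

```php
<?php
// Constructed sample values standing in for $_POST data.
$submitted = [
    'first_name' => 'Ann <b>Lee</b>',
    'zip'        => '12345"><i>x</i>',
    'comments'   => 'Café & bar: 5 < 6',
];

// Hypothetical helper: escape a value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES converts both " and ', which matters inside value="...".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($submitted as $field => $raw) {
    echo $field, "\n";
    echo '  raw:              ', $raw, "\n";
    // Converts only the characters special to HTML: & < > " '
    echo '  htmlspecialchars: ', htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), "\n";
    // Converts those plus any character that has a named entity (é, ©, ...).
    echo '  htmlentities:     ', htmlentities($raw, ENT_QUOTES, 'UTF-8'), "\n";
    // Removes tags entirely; quotes and ampersands pass through unchanged.
    echo '  strip_tags:       ', strip_tags($raw), "\n\n";
}

// Re-displaying values in a form. The same rule applies to every input type,
// not only <textarea>: whatever arrived in the request is escaped on output.
// strip_tags() leaves quotes in place, so the attribute value is still escaped.
printf(
    '<input type="text" name="zip" value="%s">' . "\n",
    e(strip_tags($submitted['zip']))
);
printf(
    '<textarea name="comments">%s</textarea>' . "\n",
    e($submitted['comments'])
);
```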
