Server-Side Validation in PHP for the Web: Visual QuickStart Guide (5th Edition) Posted June 29, 2017 My question is, which is the best way to make a form input "sticky" using both stripslashes and htmlspecialchars, namely what is the proper order of the two: <input type="text" name="firstName" size="30" maxlength="30" value="'; if(isset($_POST['firstName'])) echo stripslashes(htmlspecialchars($_POST['firstName'], ENT_QUOTES)); echo '" /> -or- <input type="text" name="firstName" size="30" maxlength="30" value="'; if(isset($_POST['firstName'])) echo htmlspecialchars(stripslashes($_POST['firstName']), ENT_QUOTES); echo '" /> They both yield the same results when using a value such as O'Schmalley McGee <input type="text" name="firstName" size="30" maxlength="30" value="O'Schmalley McGee" /> But which one is technically "better?" Thank you in advance and God Bless Larry Ullman for being a fantastic author!
Server-Side Validation
in PHP for the Web: Visual QuickStart Guide (5th Edition)
Posted
My question is, which is the best way to make a form input "sticky" using both stripslashes and htmlspecialchars, namely what is the proper order of the two:
<input type="text" name="firstName" size="30" maxlength="30" value="'; if(isset($_POST['firstName'])) echo stripslashes(htmlspecialchars($_POST['firstName'], ENT_QUOTES)); echo '" />
-or-
<input type="text" name="firstName" size="30" maxlength="30" value="'; if(isset($_POST['firstName'])) echo htmlspecialchars(stripslashes($_POST['firstName']), ENT_QUOTES); echo '" />
They both yield the same results when using a value such as O'Schmalley McGee
<input type="text" name="firstName" size="30" maxlength="30" value="O'Schmalley McGee" />
But which one is technically "better?"
Thank you in advance and God Bless Larry Ullman for being a fantastic author!