How do everyone write PHP programs to process the HTML code entered by the user?

Question

In order to filter HTML and JS code, should htmlspecialchars() be called before writing the library or when reading the library? Or what?

我想大声告诉你 · Answer

When preventing XSS attacks, it is generally recommended to use the htmlspecialchars function, because although strip_tags can delete HTML tags, it will not delete " or '. Therefore, even if you use strip_tags, you still need to use the htmlspecialchars function to filter out " or '

In form submission or user message board, if you want the original data output to be sent to the browser, please use the htmlspecialchars function instead of the strip_tags function.

曾经蜡笔没有小新 · Answer

Basically, it is called when the inventory is in stock, which is the key to entry.

Php8, I'm coming too

Learn website layout in 30 minutes

Shangguan Oracle Beginner to Proficient Video Tutorial

Your first line of UNI-APP code

Flutter from scratch to app launch

Brother Lian New Linux Video Tutorial

AXURE 9 Video Tutorial (Suitable for Product Manager Interactive Product Design UI)

Zero Basic Proficiency PS Video Tutorial

16 day UI video tutorial to get you started

PS Techniques and Slicing Techniques Video Tutorial

Alibaba Cloud Environment Construction and Project Launch Video Tutorial

Overview of Computer Networks - Basic Knowledge that Programmers Must Master

Essential Tutorial for Programmers - HTTP Protocol Explanation

Websocket Video Tutorial