How to prevent XSS with HTML/PHP?

by

Basically you need to use the function htmlspecialchars() whenever you want to output something to the browser that came from the user input.

The correct way to use this function is something like this:

echo htmlspecialchars($string, ENT_QUOTES, 'UTF-8');

Google Code University also has these very educational videos on Web Security:

More Related Contents:

  1. How to prevent injection when user is supplying an arbitrary URL parameter?
  2. xss attack on a php page
  3. How can I sanitize user input with PHP?
  4. What are the best practices for avoiding xss attacks in a PHP site [closed]
  5. The ultimate clean/secure function
  6. Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
  7. PHP_SELF and XSS
  8. Best way to defend against mysql injection and cross site scripting
  9. How can I properly escape HTML form input default values in PHP?
  10. CodeIgniter – why use xss_clean
  11. How do you set up use HttpOnly cookies in PHP
  12. Prevent XSS with strip_tags()?
  13. XSS filtering function in PHP
  14. htmlspecialchars vs htmlentities when concerned with XSS
  15. Protection against XSS exploits?
  16. Calling a function on click of button in HTML/PHP [closed]
  17. PHP mkdir with form input and security
  18. Can’t insert data into mysql database using PHP [closed]
  19. PHP: Convert any string to UTF-8 without knowing the original character set, or at least try
  20. How to extract text from the PDF document? [closed]
  21. PHP_AUTH_USER not set?
  22. Is there way to keep delimiter while using php explode or other similar functions?
  23. Prevent nginx 504 Gateway timeout using PHP set_time_limit()
  24. Add fee based on specific payment methods in WooCommerce
  25. array_unique and then renumbering keys [duplicate]
  26. My pattern isn’t matching a ISO style date, why? [duplicate]
  27. How to display a date as iso 8601 format with PHP
  28. How to properly use Bearer tokens?
  29. show progressbar while loading pages using jquery ajax in single page website
  30. How to decode a JSON String with several objects in PHP?

Leave a Comment