What’s the best practice to set html attribute via PHP?

by

You always want to HTML-encode things inside HTML attributes, which you can do with htmlspecialchars:

<span title="<?php echo htmlspecialchars($variable); ?>">

You probably want to set the second parameter ($quote_style) to ENT_QUOTES.

The only potential risk is that $variable may already be encoded, so you may want to set the last parameter ($double_encode) to false.

More Related Contents:

  1. How do i place word restriction on html and php [closed]
  2. What is the best way to do this site redirection
  3. How to get the value from and save to Database in php
  4. check if link “still” exists [duplicate]
  5. What is the purpose of compiling css/scss? [closed]
  6. Using .htaccess to make all .html pages to run as .php files?
  7. Seo Friendly URL results in CSS IMG and JS not working
  8. How to prevent form resubmission when page is refreshed (F5 / CTRL+R)
  9. Keep values selected after form submission
  10. How do I make a PHP form that submits to self?
  11. How can I run a PHP script inside a HTML file?
  12. HTML Scraping in Php [duplicate]
  13. How to add text to an image with PHP GD library
  14. Dynamically display a CSV file as an HTML table on a web page
  15. Setting value of a HTML form textarea?
  16. php: Get html source code with cURL
  17. php variable inside echo ‘html code’
  18. How to preview an image before and after upload?
  19. Converting HTML to PDF (not PDF to HTML) using PHP [closed]
  20. Using PHP to get DOM Element
  21. Notice: Undefined offset: 0 in
  22. How come checkbox state is not always passed along to PHP script?
  23. Sanitizing HTML input
  24. PHP – Secure member-only pages with a login system
  25. Continuing overflowed text in a different div?
  26. Regex matching table rows in HTML [duplicate]
  27. PHP E-mail Form Sender Name Instead Of E-mail?
  28. Why are escape characters being added to the value of the hidden input
  29. How to safely output HTML from a PHP program?
  30. loadHTML LIBXML_HTML_NOIMPLIED on an html fragment generates incorrect tags

Leave a Comment