CSS and PHP question

From: Steve Sobol (sjsobol@JustThe.net)
Date: 03/11/02

Previous message: Mauri Gómez: "RE: URLScan"
Next in thread: Nik Cubrilovic: "Re: CSS and PHP question"
Reply: Nik Cubrilovic: "Re: CSS and PHP question"
Reply: HarryM: "Re: CSS and PHP question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 11 Mar 2002 09:47:31 -0500
To: security-basics@securityfocus.com, webappsec@securityfocus.com
From: Steve Sobol <sjsobol@JustThe.net>

Hello folks,

Using PHP, if I have a text string I want to display, is it enough to use
htmlentities() or htmlspecialchars()
to encode potentially dangerous characters, or do I need to take further
precautions?

http://www.php.net/manual/en/function.htmlentities.php

http://www.php.net/manual/en/function.htmlspecialchars.php

-- 
JustThe.net LLC - Steve "Web Dude" Sobol, CTO      ICQ: 56972932/WebDude216
website: http://JustThe.net  email: sjsobol@JustThe.net  phone: 216.619.2NET
postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752  DalNet: ZX-2

Previous message: Mauri Gómez: "RE: URLScan"
Next in thread: Nik Cubrilovic: "Re: CSS and PHP question"
Reply: Nik Cubrilovic: "Re: CSS and PHP question"
Reply: HarryM: "Re: CSS and PHP question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [PHP] Displaying HTML characters in real format
... Am kind of confused between htmlspecialchars and htmlentities. ... I've got data i need to display data on a page containing e.g. " but will like it to be displayed as " ...
(php.general)
Re: just wondering... htmlspecialchars vs htmlentities
... htmlspecialchars allows you, per example to display HTML Code. ... htmlentities will replace everything it can. ... Can be useful if your want to store accentued letters in a database that does not support it, or to be really sure that all of your users are going to see accentued letters, even without setting correctly the charset you are using. ... There are many cases where you would want to convert a UTF-8 encoded string into appropriate HTML entity representations, as well as being just good practice to use more compatable entities instead of embedded character encodings. ...
(comp.lang.php)
Re: Displaying HTML characters in real format
... Am kind of confused between htmlspecialchars and htmlentities. ... I've got data i need to display data on a page containing e.g. " but will like it to be displayed as " ... Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more. ...
(php.general)
Displaying HTML characters in real format
... Am kind of confused between htmlspecialchars and htmlentities. ... I've got data i need to display data on a page containing e.g. " but will like it to be displayed as " ... Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more. ...
(php.general)
Re: Encoding a string?
... Try urlencode, addslashes, htmlspecialchars, htmlentities, str_replace, ...
(comp.lang.php)