Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is my "improved" htmlentities function safe?

Posted on 2008-10-23
1
Medium Priority
?
280 Views
Last Modified: 2008-10-24
For security reasons, and to maintain data I now use htmlentities() to clean user-managed settings before placing the values in form input fields.

The problem is that © becomes © which then becomes ©

I wrote a function that seams to fix this.  But I want to know if I am opening up security loop-holes by using my function.

Is my function a good idea or a bad idea?




function clean_htmlentities ($str) {
return str_replace(array('&','&'),'&',htmlentities($str));
}

Open in new window

0
Comment
Question by:hankknight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 27

Accepted Solution

by:
Cornelia Yoder earned 2000 total points
ID: 22789635
IMHO, htmlentites() is far superior to other filtering/cleaning functions, so I think if you've fixed the minor problem with &copy, you're in great shape.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question