  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 285

Is my "improved" htmlentities function safe?

For security reasons, and to maintain data, I now use htmlentities() to clean user-managed settings before placing the values in form input fields.

The problem is that &copy; becomes &amp;copy; which then becomes &amp;amp;copy;

I wrote a function that seems to fix this. But I want to know if I am opening up security loopholes by using my function.

Is my function a good idea or a bad idea?




function clean_htmlentities ($str) {
    return str_replace(array('&amp;amp;','&amp;'),'&',htmlentities($str));
}


0
Asked by: hankknight
1 Solution
 
Cornelia Yoder (Artist) commented:
IMHO, htmlentities() is far superior to other filtering/cleaning functions, so I think if you've fixed the minor problem with &copy, you're in great shape.
0
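To check the question's wrapper against the built-in options, here is an added example (not code from the asker or the answerer) that encodes a few constructed settings values three ways and tests whether each value survives one decode, as a browser does with a form field value. It assumes the wrapper's two search strings are `&amp;amp;` and `&amp;`; `encode_once` and `encode_plain` are hypothetical helper names.

```php
<?php
// Added example; not code from the question or the answer.
// Assumption: the wrapper's two search strings are "&amp;amp;" and "&amp;".
function clean_htmlentities($str) {
    return str_replace(array('&amp;amp;', '&amp;'), '&', htmlentities($str));
}

// Built-in alternative: the 4th argument (double_encode = false) leaves
// existing entities untouched but still encodes a bare "&".
function encode_once($str) {
    return htmlentities($str, ENT_QUOTES, 'UTF-8', false);
}

// Plain single encoding of the raw stored value.
function encode_plain($str) {
    return htmlentities($str, ENT_QUOTES, 'UTF-8');
}

// Constructed sample settings values.
$samples = array(
    'Acme &copy; 2024',        // entity text already stored in the setting
    'Tom & Jerry',             // bare ampersand
    '"><b>x</b>',              // markup characters
    'Type &lt;b&gt; for bold', // user typed an entity on purpose
);

foreach ($samples as $raw) {
    foreach (array('clean_htmlentities', 'encode_once', 'encode_plain') as $fn) {
        $encoded = $fn($raw);
        // A browser decodes the attribute value once before showing and
        // resubmitting it; html_entity_decode() stands in for that step.
        $shown = html_entity_decode($encoded, ENT_QUOTES, 'UTF-8');
        printf("%-18s %-26s -> %-40s round-trip: %s\n",
            $fn, $raw, $encoded, $shown === $raw ? 'yes' : 'no');
    }
    echo "\n";
}
```

All three encoders still escape the quote and angle brackets, but only the plain single encoding of the stored value round-trips every sample; the two entity-preserving variants change values that contain entity text.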
