Solved

Is my "improved" htmlentities function safe?

Posted on 2008-10-23
1
272 Views
Last Modified: 2008-10-24
For security reasons, and to maintain data I now use htmlentities() to clean user-managed settings before placing the values in form input fields.

The problem is that © becomes © which then becomes ©

I wrote a function that seams to fix this.  But I want to know if I am opening up security loop-holes by using my function.

Is my function a good idea or a bad idea?




function clean_htmlentities ($str) {
return str_replace(array('&','&'),'&',htmlentities($str));
}

Open in new window

0
Comment
Question by:hankknight
1 Comment
 
LVL 27

Accepted Solution

by:
yodercm earned 500 total points
ID: 22789635
IMHO, htmlentites() is far superior to other filtering/cleaning functions, so I think if you've fixed the minor problem with &copy, you're in great shape.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question