Solved

Is my "improved" htmlentities function safe?

Posted on 2008-10-23
1
276 Views
Last Modified: 2008-10-24
For security reasons, and to maintain data I now use htmlentities() to clean user-managed settings before placing the values in form input fields.

The problem is that © becomes © which then becomes ©

I wrote a function that seams to fix this.  But I want to know if I am opening up security loop-holes by using my function.

Is my function a good idea or a bad idea?




function clean_htmlentities ($str) {
return str_replace(array('&','&'),'&',htmlentities($str));
}

Open in new window

0
Comment
Question by:hankknight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 27

Accepted Solution

by:
Cornelia Yoder earned 500 total points
ID: 22789635
IMHO, htmlentites() is far superior to other filtering/cleaning functions, so I think if you've fixed the minor problem with &copy, you're in great shape.
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question