• Status: Solved
  • Priority: Medium
  • Security: Public

Is my "improved" htmlentities function safe?

For security reasons, and to maintain data, I now use htmlentities() to clean user-managed settings before placing the values in form input fields.

The problem is that © becomes &copy; which then becomes &amp;copy;

I wrote a function that seems to fix this. But I want to know if I am opening up security loopholes by using my function.

Is my function a good idea or a bad idea?


function clean_htmlentities ($str) {
    // Encode the value, then turn the doubly-encoded '&amp;' back into '&'
    // so an entity such as &copy; that is already stored survives the round trip.
    return str_replace('&amp;', '&', htmlentities($str));
}


Asked by: hankknight
1 Solution
Cornelia Yoder (Artist) commented:
IMHO, htmlentities() is far superior to other filtering/cleaning functions, so I think if you've fixed the minor problem with &copy, you're in great shape.
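The same round trip can be had without post-processing the encoded output: since PHP 5.2.3, htmlentities() takes a fourth argument, double_encode, which leaves entities that are already present alone while still escaping <, >, " and '. The script below, added here as an example and not the asker's or the answerer's code, runs the posted approach and the built-in one side by side on constructed inputs.

```php
<?php
// Added example, not the asker's code: compare the posted approach with
// htmlentities()'s double_encode=false, which keeps existing entities such as
// &copy; intact while still escaping <, >, ", and '.

// The posted helper: encode everything, then undo the ampersand encoding.
function clean_htmlentities_posted($str) {
    return str_replace('&amp;', '&', htmlentities($str, ENT_QUOTES, 'UTF-8'));
}

// Same intent using the fourth parameter of htmlentities() (PHP >= 5.2.3):
// double_encode=false means an input that already contains '&copy;' or
// '&amp;' is not re-encoded, so a value survives repeated save/edit cycles.
function clean_htmlentities_builtin($str) {
    return htmlentities($str, ENT_QUOTES, 'UTF-8', false);
}

// Constructed inputs: a stored setting that is already encoded, a raw
// value, a value carrying characters that must never reach a form field
// unescaped, and a bare ampersand that is not part of any entity.
$samples = array(
    'already encoded' => '&copy; 2024 Example Ltd',
    'raw copyright'   => '© 2024 Example Ltd',
    'markup attempt'  => '"><script>alert(1)</script>',
    'bare ampersand'  => 'Fish & Chips',
);

foreach ($samples as $label => $value) {
    printf("%-16s posted : %s\n", $label, clean_htmlentities_posted($value));
    printf("%-16s builtin: %s\n\n", $label, clean_htmlentities_builtin($value));
}

// Round-trip check: running the built-in helper twice must give the same
// output as running it once, which is the property the question asks for.
$once  = clean_htmlentities_builtin($samples['raw copyright']);
$twice = clean_htmlentities_builtin($once);
var_dump($once === $twice);
```

Both helpers still encode <, > and both quote characters, so either is fine inside a double-quoted HTML attribute value. The one behavioural difference is the bare ampersand: the posted version turns every &amp; back into a raw &, including ones that came from a plain & in the input, while double_encode=false only preserves sequences that already form a valid entity and encodes a lone & as &amp;.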