  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 379

When to use htmlentities: validating input? or when echoing out to browser?

At first I thought htmlentities and htmlspecialchars were just to be used when echoing a value to the browser and not to be used to validate input data from a user. So that is where I put the htmlentities, for example.

echo htmlentities($title, ENT_QUOTES);

In my case I am accepting values from a user and inputting these values into a database. These database values will eventually be echoed back out to a browser. What if I use htmlentities to validate the user's input only, before it is put into the database, and not use it when echoing output?

Does this provide the same protection?

Thanks.
Asked by: kadin
1 Solution
 
Cornelia Yoder (Artist) commented:
That is what I always do.  It is even BETTER protection because nothing malicious can ever get into your database in the first place.  

The cost is a few bytes extra in the database for special characters, because they are stored as &#nnn; but it's worth that to me, so that I never have to worry about it for output.

kadin (Author) commented:
Thanks. All this is new to me, so I was not even sure if I could do this.
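
Added example, not part of the original thread: a PHP script that runs the two placements discussed above (htmlentities before the INSERT versus encoding at echo time) over a constructed title value and prints what each one stores and emits. The posts table, the e() helper and the sample strings are assumptions made for the illustration; it needs the pdo_sqlite extension.

```php
<?php
// Added example, not code from the thread. Table, column and helper names are hypothetical.
declare(strict_types=1);

// Encode for an HTML body or quoted-attribute context, at output time.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, how TEXT, title TEXT)');

// Constructed sample input standing in for $_POST['title'].
$title = 'Tom & "Jerry" <script>alert(1)</script>';

// Bound parameters keep the value out of the SQL text in every case;
// HTML encoding is not a substitute for that.
$ins = $pdo->prepare('INSERT INTO posts (how, title) VALUES (?, ?)');

// Placement 1: encode before storing, echo the column as-is later.
$ins->execute(['encoded-on-input', htmlentities($title, ENT_QUOTES, 'UTF-8')]);

// Placement 2: store the value as submitted, encode when echoing.
$ins->execute(['stored-raw', $title]);

// A row written by some other path (import script, admin tool) that never
// passed through the input-side htmlentities call. Constructed value.
$ins->execute(['imported', '<b>Imported</b> & unfiltered']);

foreach ($pdo->query('SELECT how, title FROM posts ORDER BY id') as $row) {
    $stored = $row['title'];
    echo "== {$row['how']} ==\n";
    // What the database holds, including its length in bytes.
    printf("  stored (%3d bytes): %s\n", strlen($stored), $stored);
    // What a template sends to the browser if it echoes the column directly.
    printf("  echo \$title       : %s\n", $stored);
    // What a template sends if it encodes at output.
    printf("  echo e(\$title)    : %s\n", e($stored));
    // What a non-HTML consumer (API client, CSV export) receives.
    printf("  json_encode       : %s\n", json_encode($stored));
}
```

Run it with `php` on the command line and compare the three rows: the row encoded on input is double-encoded if a template also escapes it and carries entities into the JSON output, while the imported row is emitted as markup by a direct echo. Only the output-side e() call gives the same result for every row regardless of how the value reached the table.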