  • Status: Solved

Should I undo html special chars?

I set up a simple contact/email form with php verification.

In a contact form I set up should I undo html special chars when the message is sent to the office so that customer messages aren't altered?

What is industry standard?
Asked by: burnedfaceless
1 Solution
 
Carl Bohman Commented:
If you have a simple form, you are likely just taking in plain text, right?  There shouldn't be a need to undo special characters in a case like that, since there won't be any.

However, if what you are concerned about is a user embedding malicious code in their message, then I would go ahead and escape everything they submit using a standard function (like PHP's htmlspecialchars) to prevent execution.  Just keep in mind that you will then need to unescape it to use it in a text-only context.

burnedfaceless (Author) Commented:
How do you unescape it? And in what part of the process do you do this?

burnedfaceless (Author) Commented:
I guess before you mail it?

burnedfaceless (Author) Commented:
I'm just going to leave it. If I tweak it too much I'll have to keep my email in it longer.
Question has a verified solution.
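
How the escape and unescape steps discussed in this thread fit together in PHP, as an added example that is not part of any poster's reply. The helper names and the sample message are constructed, and the mail() call is left as a comment with a placeholder address.

```php
<?php
// Added example: helper names and the sample message are constructed.

// Escape for an HTML context, e.g. a web page that lists received messages.
function escape_for_html(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Undo htmlspecialchars() for a text-only context such as a plain-text email body.
function unescape_for_text(string $escaped): string
{
    return htmlspecialchars_decode($escaped, ENT_QUOTES);
}

// Constructed customer message containing characters htmlspecialchars() rewrites.
$raw = 'Is the 5" bracket <in stock> at Smith & Sons? It\'s urgent.';

// What the form handler holds if it escaped everything on submission.
$escaped = escape_for_html($raw);

// Unescape just before building the plain-text mail, so the office reads
// exactly what the customer typed instead of &quot; and &amp; entities.
$restored = unescape_for_text($escaped);
$mailBody = "New contact form message:\n\n" . $restored . "\n";
// mail('office@example.com', 'Contact form', $mailBody,
//      'Content-Type: text/plain; charset=UTF-8'); // placeholder address

// If the same message is also shown in a browser, escape at that point.
$htmlView = '<p>' . escape_for_html($restored) . '</p>';

// Escaping text that is already escaped is what visibly alters a message.
$double = escape_for_html($escaped);

if ($restored !== $raw) {
    throw new RuntimeException('escape/unescape round trip changed the message');
}

echo "escaped : $escaped\n";
echo "mail    : $restored\n";
echo "html    : $htmlView\n";
echo "double  : $double\n";
```

If the handler keeps the raw submission and only calls htmlspecialchars() when writing into HTML, the unescape step is not needed at all.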
