Solved

Should I undo html special chars?

Posted on 2013-12-10
4
293 Views
Last Modified: 2013-12-10
I set up a simple contact/email form with php verification.

In a contact form I set up should I undo html special chars when the message is sent to the office so that customer messages aren't altered?

What is industry standard?
0
Comment
Question by:burnedfaceless
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 13

Accepted Solution

by:
Carl Bohman earned 500 total points
ID: 39708977
If you have a simple form, you are likely just taking in plain text, right?  There shouldn't be a need to undo special characters in a case like that, since there won't be any.

However, if what you are concerned about is a user embedding malicious code in their message, then I would go ahead and escape everything they submit using a standard function (like PHP's htmlspecialchars) to prevent execution.  Just keep in mind that you will then need to unescape it to use it in a text-only context.
0
 

Author Comment

by:burnedfaceless
ID: 39708982
How do you unescape it? And in what part of the process do you do this?
0
 

Author Comment

by:burnedfaceless
ID: 39708987
I guess before you mail it?
0
 

Author Comment

by:burnedfaceless
ID: 39708988
I'm just going to leave it. If I tweak it too much I'll have to keep my email in it longer.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question