Solved

Should I undo html special chars?

Posted on 2013-12-10
4
285 Views
Last Modified: 2013-12-10
I set up a simple contact/email form with php verification.

In a contact form I set up should I undo html special chars when the message is sent to the office so that customer messages aren't altered?

What is industry standard?
0
Comment
Question by:burnedfaceless
  • 3
4 Comments
 
LVL 13

Accepted Solution

by:
Carl Bohman earned 500 total points
ID: 39708977
If you have a simple form, you are likely just taking in plain text, right?  There shouldn't be a need to undo special characters in a case like that, since there won't be any.

However, if what you are concerned about is a user embedding malicious code in their message, then I would go ahead and escape everything they submit using a standard function (like PHP's htmlspecialchars) to prevent execution.  Just keep in mind that you will then need to unescape it to use it in a text-only context.
0
 

Author Comment

by:burnedfaceless
ID: 39708982
How do you unescape it? And in what part of the process do you do this?
0
 

Author Comment

by:burnedfaceless
ID: 39708987
I guess before you mail it?
0
 

Author Comment

by:burnedfaceless
ID: 39708988
I'm just going to leave it. If I tweak it too much I'll have to keep my email in it longer.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
phpmyadmin 3 33
Update from TABLE-A to TABLE-B 5 39
Making register page log you in after registration is complete. 2 13
WP_Query multiple custom taxonomies 5 27
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now