Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Should I undo html special chars?

Posted on 2013-12-10
4
Medium Priority
?
311 Views
Last Modified: 2013-12-10
I set up a simple contact/email form with php verification.

In a contact form I set up should I undo html special chars when the message is sent to the office so that customer messages aren't altered?

What is industry standard?
0
Comment
Question by:burnedfaceless
  • 3
4 Comments
 
LVL 13

Accepted Solution

by:
Carl Bohman earned 2000 total points
ID: 39708977
If you have a simple form, you are likely just taking in plain text, right?  There shouldn't be a need to undo special characters in a case like that, since there won't be any.

However, if what you are concerned about is a user embedding malicious code in their message, then I would go ahead and escape everything they submit using a standard function (like PHP's htmlspecialchars) to prevent execution.  Just keep in mind that you will then need to unescape it to use it in a text-only context.
0
 

Author Comment

by:burnedfaceless
ID: 39708982
How do you unescape it? And in what part of the process do you do this?
0
 

Author Comment

by:burnedfaceless
ID: 39708987
I guess before you mail it?
0
 

Author Comment

by:burnedfaceless
ID: 39708988
I'm just going to leave it. If I tweak it too much I'll have to keep my email in it longer.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
This holiday season, we’re giving away the gift of knowledge—tech knowledge, that is. Keep reading to see what hacks, tips, and trends we have wrapped and waiting for you under the tree.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question