Kinderly Wade
Why and when to use htmlentities and htmlspecialchars
Dear experts,
I know what htmlentities and htmlspecialchars do, as in converting <, >, &, etc. into &lt;, &gt;, etc.
I wish to know when to use these functions, and shall I store converted values such as &lt;, &gt;, etc. in the database?
Thanks
ASKER
Hi experts,
If I don't store the converted value into the database, what can I do to prevent a SQL injection? I am trying to convert characters in a way that can be safely stored into the database with SQL injection prevention. Thanks.
Use these functions whenever your script creates output from user input. Typically this would be in the View component of the MVC design pattern. The idea is to make stray and unwanted HTML and JavaScript into something that is safe for the client browsers. If you do not do this, the client browser will run JavaScript when you send the JavaScript, and that may include doing some rather nasty things to the clients.
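The following PHP script is an added example, not code posted by the asker or by any of the experts in this thread. It puts the two points of the discussion side by side: the SQL injection question from the follow-up is handled by a prepared statement that stores the user's text unmodified, and the "when to use htmlspecialchars" question is handled by encoding only at output time, in the view. It uses an in-memory SQLite database so it runs offline; the `comments` table, its columns and the `e()` helper name are assumptions made for this example.

```php
<?php
// Added example (not from the original question or answers).
// Two separate defences, applied at two separate points:
//   1. Storage: bind the raw value with a prepared statement. The driver
//      never parses a bound parameter as SQL, so quotes, semicolons and
//      comment markers inside it cannot alter the statement.
//   2. Output: HTML-encode when the value is written into a page, so the
//      browser renders it as text instead of executing it as markup/script.
// Table and column names below are assumptions for this example.
declare(strict_types=1);

function openDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');
    return $pdo;
}

// Store exactly what the user typed: no htmlspecialchars, no manual escaping.
function saveComment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function loadComments(PDO $pdo): array
{
    return $pdo->query('SELECT author, body FROM comments ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
}

// Encode for HTML at the point of output. ENT_QUOTES also converts ' and ",
// which is what keeps a value from breaking out of an attribute. The charset
// argument must match the encoding the page declares.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// The "View" step: every untrusted value passes through e() exactly once.
function renderComments(array $rows): string
{
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $html .= sprintf("  <li data-author=\"%s\">%s</li>\n", e($row['author']), e($row['body']));
    }
    return $html . "</ul>\n";
}

$pdo = openDatabase();

// Constructed sample input: an apostrophe that would break naive string
// concatenation, a script tag, a double quote aimed at the attribute context,
// and a non-ASCII character to show how htmlentities differs.
saveComment($pdo, "O'Brien", "<script>alert('xss')</script> café");
saveComment($pdo, 'x" onmouseover="alert(1)', 'plain text');

$rows = loadComments($pdo);

// The database row holds the text as typed; entities are a presentation
// concern and are not stored.
if ($rows[0]['body'] !== "<script>alert('xss')</script> café") {
    throw new RuntimeException('stored value was altered');
}

echo renderComments($rows);

// htmlspecialchars touches only & < > " and '. htmlentities additionally
// replaces every character that has a named entity (é becomes &eacute;).
// On a UTF-8 page the narrower htmlspecialchars is enough and keeps the
// stored text readable; both are equally safe for the five metacharacters.
echo htmlspecialchars("café & <b>", ENT_QUOTES, 'UTF-8'), "\n";
echo htmlentities("café & <b>", ENT_QUOTES, 'UTF-8'), "\n";
```

Run it with `php example.php`. In the rendered list the script tag appears as literal text and the injected double quote stays inside the `data-author` attribute, while the row fetched back from the table still contains the raw `<script>` and `'` characters. That is the division of labour the thread arrives at: the prepared statement protects the database, and encoding on output protects the browser; storing already-encoded values would only couple the two and double-encode anything that is later output through the same view.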