sepoto
Posted October 8, 2012

I am currently reading the title "Essential PHP Security". I see one of the topics is concerning the use of "htmlentities()". I have looked up the function's man page on php.net and I do understand what it is doing; however, I don't yet fully understand how the use of "htmlentities()" is supposed to make my application more secure. Could someone explain this a bit? Thanks!

Ingolme
Posted October 8, 2012

It means that people can't add unwanted HTML to your page.

justsomeguy
Posted October 8, 2012

That only applies if people are submitting text that you are displaying on your site. If you let them submit whatever they want and you display it then they can submit HTML or JavaScript code that would be added to your site, which is one way to attack your users.

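What the replies above describe, as an added example that is not part of the original thread: the same submitted text written into a page with and without `htmlentities()`, in both element and attribute context. The helper name `e()` and the sample strings are assumptions made up for the illustration.

```php
<?php
// Added example, not code from the thread. $comment is constructed sample
// input standing in for text a visitor submitted through a form.
$comment = '<script>alert("hi")</script> and <b>bold</b> text';

// Hypothetical helper: escape a value at the point where it is written
// into HTML text or into a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ' (before PHP 8.1 the default flags
    // left single quotes untouched).
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of making
    // the function return an empty string.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Without escaping, the browser parses the submitted tags as markup,
// so the visitor's script becomes part of the page.
$unescaped = '<p>' . $comment . '</p>';

// With escaping, <, >, & and the quotes become entities and the browser
// displays the submission as literal text.
$escaped = '<p>' . e($comment) . '</p>';

// Attribute context: a constructed value containing a single quote,
// written into a single-quoted attribute.
$name = "O'Brien' data-extra='1";

// ENT_COMPAT leaves ' alone, so the value closes the attribute early
// and the remainder is parsed as a new attribute.
$attrCompat = "<input value='" . htmlentities($name, ENT_COMPAT, 'UTF-8') . "'>";

// ENT_QUOTES keeps the whole value inside the attribute.
$attrQuotes = "<input value='" . e($name) . "'>";

// Print the four results for comparison.
foreach ([
    'text, unescaped'       => $unescaped,
    'text, escaped'         => $escaped,
    'attribute, ENT_COMPAT' => $attrCompat,
    'attribute, ENT_QUOTES' => $attrQuotes,
] as $label => $html) {
    echo $label, ":\n  ", $html, "\n";
}
```

Run it from the command line so the raw markup is visible; the escaping is applied at output time, and the stored value stays as the visitor submitted it.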