sepoto, posted October 8, 2012:
I am currently reading the title "Essential PHP Security". I see one of the topics is concerning the use of "htmlentities()". I have looked up the function's man page on php.net and I do understand what it is doing; however, I don't yet fully understand how the use of "htmlentities()" is supposed to make my application more secure. Could someone explain this a bit? Thanks!

Ingolme, posted October 8, 2012:
It means that people can't add unwanted HTML to your page.

justsomeguy, posted October 8, 2012:
That only applies if people are submitting text that you are displaying on your site. If you let them submit whatever they want and you display it, then they can submit HTML or JavaScript code that would be added to your site, which is one way to attack your users.
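
What the two replies above describe, as an added example that is not part of the original thread: the same submitted text rendered with and without htmlentities(), in element content and in an attribute value. The function names (render_unsafe, render_safe, render_input, e) and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample of visitor-submitted text that contains markup.
$comment = 'Nice post! <script>alert("hi")</script> <b onmouseover="x()">bold</b>';

// Unsafe: the submitted text goes into the page as-is, so the browser
// parses <script> and the onmouseover attribute as real markup.
function render_unsafe(string $text): string
{
    return '<p class="comment">' . $text . '</p>';
}

// Output encoding helper (hypothetical name). htmlentities() converts
// HTML metacharacters such as < > & " into entities, so the browser
// shows them as text instead of interpreting them.
// ENT_QUOTES also encodes single quotes, which matters in attributes;
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning
// an empty string; the charset is stated explicitly rather than taken
// from the default_charset ini setting.
function e(string $text): string
{
    return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Safe: encode at the point of output, in element content.
function render_safe(string $text): string
{
    return '<p class="comment">' . e($text) . '</p>';
}

// Safe in an attribute value: the attribute is quoted AND the value is
// encoded, so a submitted double quote cannot close the attribute.
function render_input(string $value): string
{
    return '<input type="text" name="q" value="' . e($value) . '">';
}

echo render_unsafe($comment), "\n";   // markup reaches the browser intact
echo render_safe($comment), "\n";     // markup is displayed as plain text
echo render_input('" autofocus onfocus="x()'), "\n"; // quote is encoded
```

The encoding is applied when the text is written into the HTML, not when it is received, and it covers HTML element content and quoted attribute values only; text placed inside a script block, a URL or a style attribute needs encoding for that context instead.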