PHP htmlspecialchars encode -
i must mention first of all. im newbie in php, pls understand me.
i have difficult form..
<form action="something.php" method="get"> <input type="text" name="something"> <input type="submit" value="send">
in "something.php" have line of code:
<?php $something = $_get["something"]; ?>
when write in html form, <a href="#">asdqw</a>
example, it's show me code...
understand me.. im newbie on that, , want learn..
i want encode that, if write characters < , > , $ , ^
etc, , display else, cuz dont want affect me.
i want mention, use , database. write in form, saved in database, , showed in page, , in url bar like: "http://some-site.com/page.php?something=something" . hope understand me, , forgive me bad language. im romanian, , dont want use translator.
use htmlspecialchars()
:
$something = htmlspecialchars($_get['something'], ent_quotes | ent_html5);
you should use method outputting data in html context.
if want save data database, should rather use mysqli , prepared statements or pdo.
here nice answer showing important information edge cases of prepared statements/pdo , mysqli::real_escape_string()
: sql injection gets around mysql_real_escape_string()
Comments
Post a Comment