PHP htmlspecialchars encode -


i must mention first of all. im newbie in php, pls understand me.

i have difficult form..

    <form action="something.php" method="get">     <input type="text" name="something">     <input type="submit" value="send"> 

in "something.php" have line of code:

   <?php    $something = $_get["something"];    ?> 

when write in html form, <a href="#">asdqw</a> example, it's show me code...

understand me.. im newbie on that, , want learn..

i want encode that, if write characters < , > , $ , ^ etc, , display else, cuz dont want affect me.

i want mention, use , database. write in form, saved in database, , showed in page, , in url bar like: "http://some-site.com/page.php?something=something" . hope understand me, , forgive me bad language. im romanian, , dont want use translator.

use htmlspecialchars():

$something = htmlspecialchars($_get['something'], ent_quotes | ent_html5); 

you should use method outputting data in html context.
if want save data database, should rather use mysqli , prepared statements or pdo.

here nice answer showing important information edge cases of prepared statements/pdo , mysqli::real_escape_string(): sql injection gets around mysql_real_escape_string()


Comments

Popular posts from this blog

Detect support for Shoutcast ICY MP3 without navigator.userAgent in Firefox? -

web - SVG not rendering properly in Firefox -

java - JavaFX 2 slider labelFormatter not being used -