Avoiding Cross-Site Scripting in PHP

InfinityCoder December 20, 2016

You need to safely avoid cross-site scripting (XSS) attacks in your PHP applications.

Escape all HTML output with htmlentities(), being sure to indicate the correct character encoding:

```php
/* Note the character encoding: it must match the one passed to htmlentities(). */
header('Content-Type: text/html; charset=UTF-8');

/* $clean holds input that has already been filtered and validated (not shown here). */

/* Initialize an array for escaped data, kept separate from the filtered data. */
$html = array();

/* Escape the filtered data; ENT_QUOTES also escapes single and double quotes. */
$html['username'] = htmlentities($clean['username'], ENT_QUOTES, 'UTF-8');

echo "<p>Welcome back, {$html['username']}.</p>";
```

The htmlentities() function replaces each character with its HTML entity, if it has one. For example, > is replaced with &gt;.

Although the immediate effect is that the data is modified, the purpose of the escaping is to preserve the data in a different context.
Whenever a browser renders &gt; as HTML, it appears on the screen as >. XSS attacks try to take advantage of a situation where data provided by a third party is included in the HTML without being escaped properly.

A clever attacker can provide code that can be very dangerous to your users when interpreted by their browsers.

By using htmlentities(), you can be sure that such third-party data is displayed properly and not interpreted.
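As an added example (not code from the original post), the helper below applies the recipe's htmlentities() call to a constructed sample username and shows the same escaped value used in element content and inside a quoted attribute; the function name h(), the sample input and the form snippet are assumptions.

```php
<?php
/* Added example, not from the original page. The helper h() and the
 * sample data below are assumptions used to illustrate the recipe. */

header('Content-Type: text/html; charset=UTF-8');

/* Escape a string for HTML element content or a quoted attribute.
 * ENT_QUOTES escapes both " and ' (older PHP versions default to
 * ENT_COMPAT, which leaves ' alone, so an attacker-controlled value
 * could close a single-quoted attribute). ENT_SUBSTITUTE replaces
 * invalid UTF-8 sequences with U+FFFD instead of returning an empty
 * string, so a bad byte sequence does not silently blank the output.
 * The 'UTF-8' argument must match the charset sent in the header. */
function h(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/* Constructed sample: a "username" carrying HTML metacharacters and
 * both quote styles, as third-party data might. */
$clean = array('username' => "Zoë <script>alert(1)</script> 'x' \"y\"");

/* Escaped data lives in its own array, as in the recipe. */
$html = array();
$html['username'] = h($clean['username']);

/* Element content: the browser displays the tags, it does not run them. */
echo "<p>Welcome back, {$html['username']}.</p>\n";

/* Attribute context: because ' and " are escaped, the value cannot
 * terminate the attribute and inject new attributes or tags. */
echo "<input type=\"text\" name=\"username\" value=\"{$html['username']}\">\n";
echo "<input type='text' name='display' value='{$html['username']}'>\n";
```

Escaping belongs at output time, in the context the data is written into; the same filtered value is escaped once per place it appears rather than altered on the way into storage.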
