data pulled from db

superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: use htmlentities

Post by superdezign »

yacahuma wrote:I think for security you should use htmlentities

Code:

<input type="text" id="myval" value="<?=htmlentities($dbval)?>" />

I just felt that I should comment here about htmlentities being used. It's not so much of an issue of security, but that you must use htmlspecialchars() or htmlentities() whenever you echo any data back into an HTML field anyway, unless you filter the data (and don't allow quotation marks). A lot of people seem to ignore this fact, so I thought it'd be good for me to point it out.

Also, the short echo tag (<?=) should be <?php echo. The short tags will be deprecated come PHP 6.
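
The point about quotation marks in the post above, as an added example that is not part of the original thread: it prints the same input field with and without escaping for a few constructed database values. The helper names e(), inputRaw() and inputEscaped() and the sample values are assumptions made for illustration.

```php
<?php
// Constructed sample values standing in for data pulled from the database.
$rows = [
    'plain'        => 'Widget',
    'double quote' => '19" monitor',
    'single quote' => "O'Brien",
    'markup chars' => 'Tom & Jerry <b>',
];

// Hypothetical helper: htmlspecialchars() with explicit flags and charset.
// ENT_QUOTES encodes both " and ', so the result is safe in an attribute
// delimited by either kind of quote. ENT_SUBSTITUTE replaces invalid byte
// sequences instead of making the whole result an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unescaped output: a double quote in the data closes the value attribute
// early, so the field shows truncated data and the rest is parsed as markup.
function inputRaw(string $value): string
{
    return '<input type="text" id="myval" value="' . $value . '" />';
}

// Escaped output: the browser decodes the entities and shows the original text.
function inputEscaped(string $value): string
{
    return '<input type="text" id="myval" value="' . e($value) . '" />';
}

foreach ($rows as $label => $dbval) {
    echo "[$label]\n";
    echo '  raw:     ', inputRaw($dbval), "\n";
    echo '  escaped: ', inputEscaped($dbval), "\n";
}

// Edge case: ENT_COMPAT encodes double quotes only. Before PHP 8.1 that was
// the default, so a single-quoted attribute was still broken by ' in the data.
$compat = htmlspecialchars("O'Brien", ENT_COMPAT, 'UTF-8');
echo "single-quoted attribute, ENT_COMPAT: <input value='" . $compat . "' />\n";
echo "single-quoted attribute, ENT_QUOTES: <input value='" . e("O'Brien") . "' />\n";
```
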
kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

Post by kippy »

Have you worked with the IPN scripts from PayPal? I am using one to enter the confirmed data into a database table, works fine..., but for some reason I can't seem to access the variables on the same script....I attempt to do a simple echo and get nothing....maybe it is the late hours and lack of sleep...