Sunday, August 11, 2019

Prevent / Defend Against XSS Attack in PHP

Define a helper function e(). It escapes the characters that carry meaning in HTML (&lt;, &gt;, &amp;, double quote and single quote) so that user-supplied text is rendered as text instead of being parsed as a tag or an event-handler attribute.

/**
 * Escape a value for output in an HTML body or inside a quoted HTML attribute.
 *
 * ENT_QUOTES escapes both double and single quotes, so the value cannot close
 * a quoted attribute. 'UTF-8' must match the charset the page is served with.
 * The fourth argument (double_encode = false) leaves existing entities such as
 * &amp; alone instead of turning them into &amp;amp;.
 */
function e($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
}

Pass every value you display through e(), at the point of output. For example, to echo a query-string parameter back into a form field:

<input type="text" value="<?=e($_GET['q']??'')?>">

The attribute must be quoted. e() escapes quotes, but it does not escape spaces or the equals sign, so in an unquoted attribute (value=<?=e($_GET['q'])?>) a value such as x onmouseover=alert(1) would still add an event handler. e() is only correct for HTML body text and quoted attributes; a value placed inside inline JavaScript, a URL or CSS needs an encoder for that context.
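The following script is an added example and is not code from the original post. It redefines e() exactly as shown above, runs a few constructed XSS payloads through it to show the unsafe and the escaped output side by side, and then shows three contexts where e() alone is not enough. The json_encode flags and the scheme check on the href are my suggested handling for those contexts, not something the post prescribes.

```php
<?php
// Added example, not part of the original post. It redefines e() as on the
// page and runs constructed payloads through it to show which HTML contexts
// the helper protects and which it does not. Run with: php xss_contexts.php
declare(strict_types=1);

function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
}

// Constructed payloads, each aimed at a different way of breaking out.
$payloads = [
    'double-quote breakout' => '"><script>alert(1)</script>',
    'single-quote breakout' => "' onmouseover='alert(1)",
    'body injection'        => '<img src=x onerror=alert(1)>',
];

foreach ($payloads as $name => $p) {
    echo "== $name ==\n";
    // Unsafe: raw interpolation, the payload becomes markup.
    echo 'unsafe: <input type="text" value="' . $p . "\">\n";
    // Safe: escaped before it reaches the quoted attribute, so it stays text.
    echo 'safe:   <input type="text" value="' . e($p) . "\">\n\n";
}

// Contexts where e() is the wrong tool.

// 1. Unquoted attribute: there is no quote to escape, a space ends the value
//    and the rest becomes a new attribute. Always quote attributes.
$p = 'x onmouseover=alert(1)';
echo "unquoted attribute, still injectable: <input value=" . e($p) . ">\n";

// 2. Inline JavaScript: e() emits HTML entities (&quot;, &lt;) that the JS
//    parser takes literally, corrupting the value. json_encode with the
//    JSON_HEX_* flags emits <, >, &, ' and " as \uXXXX escapes, giving a valid
//    JS literal that cannot close the <script> element.
$p  = '</script><script>alert(1)</script>';
$js = json_encode($p, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
echo "<script>var q = " . $js . ";</script>\n";

// 3. URL attribute: e() leaves a javascript: scheme untouched. Check the
//    scheme against an allow list before escaping the URL for the attribute.
$p      = 'javascript:alert(1)';
$scheme = strtolower((string) parse_url($p, PHP_URL_SCHEME));
$href   = in_array($scheme, ['http', 'https'], true) ? e($p) : '#';
echo "href after scheme check: <a href=\"" . $href . "\">link</a>\n";
```

Run it and compare the unsafe and safe lines for each payload: in the safe lines the quote and angle-bracket characters appear as &quot;, &#039;, &lt; and &gt;, so the browser shows them as text. The three cases after the loop are the ones to remember when reviewing templates: unquoted attributes, script blocks and href/src values each need more than e().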
