Post

html escaping in PHP

Posted Updated
By Victor Elgersma
1 min read

Use htmlspecialchars() for this:

1
2

php > echo htmlspecialchars("<script>");
&lt;script&gt;

This will prevent (most) XSS attacks.

php
This post is licensed under CC BY 4.0 by the author.