If you don't escape output, someone can easily do something like /404.php?uri=
Always escape your output. If you are not using a template engine like Twig, Blade or Smarty, you have to be careful.
```php
<?php
// Assume we got $var from $_POST
$var = $_POST['username'] ?? '';

// Escape the HTML special characters, including both quote styles
$var = htmlspecialchars($var, ENT_QUOTES, 'UTF-8');

// Now safe to echo to HTML
// NOT safe to input into DB yet though, you must sanitize that first
echo $var;
```
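The `/404.php?uri=` case above, as an added example that is not code from the original page: a 404 page that reflects the `uri` value, first unescaped and then escaped for each output context. The function names `e`, `render404Unsafe` and `render404Safe`, the `/search.php` link and the sample value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape a value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ' (before PHP 8.1 the default flags left
    // single quotes alone); ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unescaped version: reflects the parameter straight into the page.
function render404Unsafe(string $uri): string
{
    return "<p>Page not found: $uri</p>";
}

// Escaped version: same page, each value escaped at the point of output.
function render404Safe(string $uri): string
{
    // URL context first (query-string value), then HTML attribute context.
    $search = '/search.php?q=' . rawurlencode($uri);

    return '<p>Page not found: ' . e($uri) . '</p>'
         . "<a href='" . e($search) . "'>Search for it</a>";
}

// Constructed sample value, standing in for $_GET['uri'].
$uri = "/missing'><script>alert(1)</script>";

echo render404Unsafe($uri), "\n"; // markup in the value reaches the browser as markup
echo render404Safe($uri), "\n";   // the same value is rendered as inert text
```

Run it with `php` on the command line and compare the two output lines: only the second one keeps the angle brackets and the single quote as entities.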