Code Snippets

Escape output safely to prevent XSS attacks | php

If you don't escape output, someone can easily do something like /404.php?uri=
Always escape your output. If you are not using a template engine like Twig, Blade or Smarty, you have to be careful to do it yourself.

// Suppose $var came from $_POST

$var = $_POST['username'] ?? '';

// ENT_QUOTES also escapes single quotes (only the default since PHP 8.1)
$var = htmlspecialchars($var, ENT_QUOTES, 'UTF-8');

// Now safe to echo into HTML
// NOT safe to insert into a DB yet though, you must sanitize it for that first

echo $var;
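
The same escaping applied to the 404.php case mentioned above, as an added example that is not code from the original page. The helper `e()`, the function `render404()` and the sample URIs are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape a value for an HTML text node or a quoted attribute.
// ENT_QUOTES encodes ' as well as " (the default only since PHP 8.1).
// ENT_SUBSTITUTE swaps invalid UTF-8 for U+FFFD instead of returning ''.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical 404 body: the requested URI is reflected in a text node and in
// a single-quoted attribute, both escaped at the point of output.
function render404(?string $uri): string
{
    return sprintf(
        "<p>Not found: %s</p>\n<input type='hidden' name='uri' value='%s'>\n",
        e($uri),
        e($uri)
    );
}

// Constructed sample values standing in for $_GET['uri'].
$samples = [
    '/docs/missing-page',
    '/search?q=<b>bold</b>&sort="asc"',
    "/it's-gone",
    "/bad-\xC3\x28-bytes",   // invalid UTF-8 sequence
    null,                    // parameter absent
];

foreach ($samples as $uri) {
    echo render404($uri), "\n";
}

// Why the flags matter: ENT_COMPAT (the default before PHP 8.1) leaves the
// single quote alone, so a value could close the single-quoted attribute above.
$compat = htmlspecialchars("/it's-gone", ENT_COMPAT, 'UTF-8');
$quotes = e("/it's-gone");
printf("ENT_COMPAT: %s\nENT_QUOTES: %s\n", $compat, $quotes);
```

Run it with `php` on the command line and compare the last two lines of output: only the ENT_QUOTES version encodes the apostrophe.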

Published: Wed 27th December 2017