I am doing a site for a client, a very security oriented client, and they told me I need to do the following:
You will need to do the encode on the server-side… In PHP, you can use the htmlentities() function to encode or escape non-alphanumeric characters, i.e.
$clean_email = htmlentities($_POST['email']);
I am trying to secure a contact form with the typical Name, Email, Message.
Can anyone help me with this? What code and where do I need to add it? (Functions.php?) Thanks!
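An added example, not part of the original post or the client's instructions: a plain-PHP sketch of handling the Name, Email and Message fields, validating on input and applying htmlentities() at the point where a value is written into HTML. The helper names encode_for_html() and read_contact_form() and the sample submission are hypothetical, and no WordPress functions are assumed.

```php
<?php
declare(strict_types=1);

// Encode a value for an HTML text node or a quoted attribute value.
// ENT_QUOTES also encodes ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function encode_for_html(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: read and validate the three contact-form fields.
// Returns [fields, errors]; fields holds the raw, trimmed (unencoded) values.
function read_contact_form(array $post): array
{
    $fields = [];
    $errors = [];
    foreach (['name', 'email', 'message'] as $key) {
        $raw = $post[$key] ?? '';
        // Array input (e.g. name[]=x) is rejected rather than passed to string functions.
        $fields[$key] = is_string($raw) ? trim($raw) : '';
        if ($fields[$key] === '') {
            $errors[$key] = 'required';
        }
    }
    if (!isset($errors['email'])
        && filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid';
    }
    return [$fields, $errors];
}

// Constructed sample submission standing in for $_POST.
$sample = [
    'name'    => 'Ann "<b>" O\'Neil',
    'email'   => 'ann@example.com',
    'message' => '<script>alert(1)</script>',
];

[$fields, $errors] = read_contact_form($sample);

// Encode when writing into HTML, not when the value is received or stored.
echo '<input name="name" value="' . encode_for_html($fields['name']) . '">' . "\n";
echo '<p>' . encode_for_html($fields['message']) . '</p>' . "\n";
echo $errors === [] ? "valid\n" : 'errors: ' . encode_for_html(implode(',', array_keys($errors))) . "\n";
```

The encoded form is only correct for HTML text and quoted attribute values; a value placed in a URL, a script block or an e-mail header needs the encoding for that context instead.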