
How to echo a $_GET safely? [duplicate]

Tags:

php

<?php
    echo $_GET['id'];
?>

Doesn't look very safe to me. What is our best option to show a GET element?

Something like a preg_replace on all the special characters, or htmlspecialchars?

Merijn Den Houting asked Dec 09 '22 11:12


2 Answers

Depends on what you are going to do with $_GET['id'];

If you are looking to insert it into a database, just make use of Prepared Statements. [That suffices]

If you just want to display it on your HTML page, make use of this code.

<?php
    echo htmlentities($_GET['id']);
?>
Shankar Narayana Damodaran answered Dec 11 '22 01:12


<?php
    echo htmlspecialchars($_GET['id']);
?>
Paul Draper answered Dec 11 '22 00:12
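Both answers escape at output time for an HTML context. The following is an added example, not code from either answer, showing the same escaping with explicit flags plus handling of a missing or array-valued parameter; the helper names h() and query_string() and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Escape a value for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES: also encode ' (not encoded by default before PHP 8.1).
    // ENT_SUBSTITUTE: replace invalid UTF-8 with U+FFFD instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read one query parameter as a string; null if absent or sent as an array (?id[]=1). */
function query_string(array $query, string $name): ?string
{
    $value = $query[$name] ?? null;
    return is_string($value) ? $value : null;
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['id' => '42'],
    ['id' => '<script>alert(1)</script>'],
    ['id' => "' onmouseover='x"],
    ['id' => ['nested']],
    [],
];

foreach ($samples as $get) {
    $id = query_string($get, 'id');
    if ($id === null) {
        echo "(no usable id)\n";
        continue;
    }

    // HTML context: escape when writing the value out, here inside a
    // single-quoted attribute, which is why ENT_QUOTES matters.
    echo "<input value='" . h($id) . "'>\n";

    // If id is meant to be numeric, validate it rather than only escaping it.
    $asInt = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    echo $asInt === false ? "  not a positive integer\n" : "  integer id: $asInt\n";
}
```

This covers HTML output only; a value placed in a URL, in JavaScript, or in SQL needs the encoding or parameter binding for that context, as the first answer notes for databases.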