<?php
$x = array("<b>","<i>","b","i","<h1>hello</h1>");
print_r ($x);
echo "<hr>";
var_dump ($x);
Outputs this in the HTML source!
Array
(
[0] => <b>
[1] => <i>
[2] => b
[3] => i
[4] => <h1>hello</h1>
)
<hr>array(5) {
[0]=>
string(3) "<b>"
[1]=>
string(3) "<i>"
[2]=>
string(1) "b"
[3]=>
string(1) "i"
[4]=>
string(14) "<h1>hello</h1>"
}
Obviously, I could have been XSS'ed by that!
How can I make sure that the array values are htmlencoded?
echo '<pre>';
echo htmlspecialchars(print_r($key['value'], true));
echo '</pre>';
I use this code to output an array value (contains AdSense code) from a NoSQL database.
While this question has an accepted answer, I think David Morrow's answer is the best/simplest/most practical (uses the print_r true flag):
echo "<pre>".htmlentities(print_r($some_array, true))."</pre>";
Nevertheless, here is another solution that uses output buffering:
<?php
ob_start();
print_r($some_array);
$buffer = ob_get_clean();
echo "<pre>".htmlentities($buffer)."</pre>";
?>
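Added example, not part of any answer above: both techniques from the answers (the print_r return flag and output buffering) combined into one helper that also covers var_dump, markup in array keys, and invalid UTF-8 input. The function name dump_html and the sample data are hypothetical, and it assumes stock PHP 7+ without an extension that reformats var_dump() output.

```php
<?php
// Added example: dump_html() and $sample are hypothetical; the data is constructed.

/**
 * Return an HTML-safe <pre> block for any value.
 * Encoding the whole dump text, rather than each array value,
 * also covers array keys, which can carry markup too.
 */
function dump_html($value, string $mode = 'print_r'): string
{
    if ($mode === 'var_dump') {
        // var_dump() has no "return" flag, so capture its output instead.
        ob_start();
        var_dump($value);
        $text = ob_get_clean();
    } else {
        // Second argument true makes print_r() return the text.
        $text = print_r($value, true);
    }

    // ENT_QUOTES encodes both quote characters. ENT_SUBSTITUTE replaces
    // invalid UTF-8 with U+FFFD; without it, older PHP versions return
    // an empty string for the whole dump when one byte is invalid.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<pre>' . $safe . '</pre>';
}

// Constructed sample: markup in a value, markup in a key,
// characters that need encoding, and an invalid UTF-8 byte.
$sample = [
    'title'      => '<h1>hello</h1>',
    '<i>key</i>' => 'b',
    'quote'      => 'Tom & "Jerry"',
    'broken'     => "caf\xE9",
];

echo dump_html($sample);
echo "<hr>";
echo dump_html($sample, 'var_dump');
```

In the page source, every `<`, `>`, `&` and quote from the array appears as an entity, including the ones in the `<i>key</i>` key, so the browser displays the dump as text instead of parsing it.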