Hi,
I found this PHP code in a tutorial. It is a registration/signup page in PHP.
It goes something like this:
[code]
<form action="" method="post">
<div>
<?php if ($id != '') { ?>
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<p>ID: <?php echo $id; ?></p>
<?php } ?>
<strong>First Name: *</strong> <input type="text" name="firstname"
value="<?php echo $first; ?>"/><br/>
<strong>Last Name: *</strong> <input type="text" name="lastname"
value="<?php echo $last; ?>"/>
<p>* required</p>
<input type="submit" name="submit" value="Submit" />
</div>
</form>
</body>
</html>
<?php
$firstname = htmlentities($_POST['firstname'], ENT_QUOTES);
$lastname = htmlentities($_POST['lastname'], ENT_QUOTES);
?>
[/code]
Q1. Notice the last 2 lines.
Why is htmlentities being used here?
Q2. Shall I keep it and add another line to add a filter? Like this:
[code]
$firstname = htmlentities($_POST['firstname'], ENT_QUOTES);
$firstname = filter_var($firstname, FILTER_SANITIZE_STRING);
$lastname = htmlentities($_POST['lastname'], ENT_QUOTES);
$lastname = filter_var($lastname, FILTER_SANITIZE_STRING);
[/code]
Or, should I just settle for:
[code]
$firstname = filter_var($firstname, FILTER_SANITIZE_STRING);
$lastname = filter_var($lastname, FILTER_SANITIZE_STRING);
[/code]
And forget the htmlentities line?
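
An added example, not part of the original post or the tutorial it quotes: one way to handle the two name fields by validating on input and escaping only at output with htmlspecialchars, ending with the double encoding that input-time htmlentities causes. The helper names e() and clean_name() and the sample $post array are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for $_POST (not from the original post).
$post = [
    'firstname' => "  Conan O'Brien ",
    'lastname'  => '"><script>alert(1)</script>',
];

// Hypothetical helper: escape for an HTML text node or a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: return the raw, trimmed field, or null if it is not acceptable.
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so it is not used here.
function clean_name(array $src, string $key, int $maxLen = 50): ?string
{
    $raw = $src[$key] ?? null;
    if (!is_string($raw)) {
        return null; // field missing, or sent as an array (firstname[]=x)
    }
    $raw = trim($raw);
    // The /u flag makes preg_match fail on invalid UTF-8; the quantifier bounds the length.
    $pattern = '/\A.{1,' . $maxLen . '}\z/us';
    return preg_match($pattern, $raw) === 1 ? $raw : null;
}

$first = clean_name($post, 'firstname');
$last  = clean_name($post, 'lastname');

// Keep $first and $last unescaped for storage; escape only when writing HTML.
printf("<input type=\"text\" name=\"firstname\" value=\"%s\"/>\n", e($first ?? ''));
printf("<input type=\"text\" name=\"lastname\" value=\"%s\"/>\n", e($last ?? ''));

// Escaping on input and again on output double-encodes: the "&" of the entity
// produced by htmlentities() is escaped a second time by e().
$early = htmlentities($post['firstname'], ENT_QUOTES);
echo e($early), "\n";
```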