Menu
Community /Pin to ProfileBookmark
@NogDogJul 01.2021 — #First you have to ask and answer the question: what are you trying to accomplish, and why? In other words:
Simply copying somebody's function from wherever you found it is worthless if it does not address whatever it is that you want/need to accomplish.@NogDogJul 05.2021 — #
That's not what I asked.
striptags() Useless after htmlspecialchars()
Folks,
Is not this following code taught in tutorials ridiculous ?
“`
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data); //Strips only Backward Slashes. Not Forward Slashes.
**$data = htmlspecialchars($data);
$data = strip_tags($data);**
return $data;
}
Note the 2 **asterisked
Why ? Here’s why …
If the input is this:
[code]
$input_3 = ‘<a href=”http://www.url.com/index.php”>Link</a>’;
Then this line is ignored:
[code]
$data = strip_tags($data);
As the output is this:
**<a href=”
If striptags() is ignored then what’s the use of having it after the line:
[code]
$data = htmlspecialchars($data);
See my point ?
And so, the code must be either of the two:
[code]
<?php
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data); //Strips only Backward Slashes. Not Forward Slashes.
$data = htmlspecialchars($data);
return $data;
}
$input_3 = ‘<a href=”http://www.url.com/index.php”>Link</a>’;
echo test_input($input_3);
?>
[code]
<?php
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data); //Strips only Backward Slashes. Not Forward Slashes.
$data = striptags($data);
return $data;
}
$input_3 = ‘<a href=”http://www.url.com/index.php”>Link</a>’;
echo test_input($input_3);
?>
But not both, like this:
[code]
<?php
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data); //Strips only Backward Slashes. Not Forward Slashes.
$data = htmlspecialchars($data);
$data = striptags($data);
return $data;
}
$input_2 = ‘http://www.url.com/index.php’;
$input_3 = ‘<a href=”http://www.url.com/index.php”>Link</a>’;
echo test_input($input_3);
?>
Yes or no ?
Sign in
to post a comment5 Comments(s) ↴
0
@NogDogJul 01.2021 — #First you have to ask and answer the question: what are you trying to accomplish, and why? In other words:Simply copying somebody's function from wherever you found it is worthless if it does not address whatever it is that you want/need to accomplish.
0
@NogDogJul 05.2021 — #>@developer_web#1633735 Now you know what the user inputs will be.
That's not what I asked.
>@NogDog#1633604
>
* What is the source of the input? [This is all your responded to]
>* What do you plan to do with the input?
>* What data transformation is necessary to accomplish that (and why do you think that transformation is necessary)?