Should I use PHP's htmlentities() with PDO to filter input and escape output, to protect against XSS attacks?
- duanjiaren8188 2011-05-10 03:48
Use htmlentities (or preferably htmlspecialchars) when outputting user supplied content in an HTML context (i.e. when displaying it on your website). Don't HTML escape values that go into the database, since there's no XSS vulnerability there and you usually want to store the raw data in the database and escape it later as necessary.
This answer was selected by the asker as the best answer.
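
The split described in the answer above, as an added example that is not part of the original answer: PDO bound parameters handle the input side with the value stored raw, and htmlspecialchars is applied only when the value is written into HTML. It assumes the pdo_sqlite extension for an in-memory database; the table name `comments` and the helper `e()` are hypothetical.

```php
<?php
// Added example, not code from the original answer.
// Assumptions: pdo_sqlite is available; `comments` and e() are hypothetical names.

function e(string $value): string
{
    // Escape for an HTML element body or a quoted attribute value.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input containing markup and SQL metacharacters.
$author = "O'Brien";
$body   = '<script>alert(1)</script> & "quotes"';

// Input side: bound parameters keep the data out of the SQL text.
// The value is stored exactly as submitted, with no HTML escaping.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$insert->execute([':author' => $author, ':body' => $body]);

// Output side: escape at the moment the value enters an HTML context.
$rows = $pdo->query('SELECT author, body FROM comments')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    if ($row['body'] !== $body) {
        throw new RuntimeException('stored value was altered');
    }
    printf(
        "<li title=\"%s\">%s: %s</li>\n",
        e($row['author']),
        e($row['author']),
        e($row['body'])
    );
}

// Why not escape before storing: the same value escaped on the way in and
// again on the way out is double-encoded, so readers see entity text.
$escapedBeforeStorage = e($body);
echo "double-encoded: ", e($escapedBeforeStorage), "\n";
```

htmlspecialchars covers HTML element bodies and quoted attribute values; a value written into a script block or a URL needs the encoding for that context instead.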