My simple implementation of PHP strip_tags()

Adam D. Ruppe via Digitalmars-d digitalmars-d at puremagic.com
Wed Jun 28 12:20:47 PDT 2017


On Wednesday, 28 June 2017 at 19:14:19 UTC, aberba wrote:
> I'm already using prepared statements thoroughly. strip_tags() 
> has its own uses beside making it safe for db storage.

Prepared statements fight SQL injection at save time. HTML 
encoding is about fighting XSS when displaying stuff to the 
browser.

XSS is when some user inserts a script on your site that another 
user then sees and executes as them.

Personally, I'd never use a strip_tags function. I'd actually 
parse the HTML, work on a DOM level, then re-output it with proper 
encoding for whatever context it is being used in.
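An added example illustrating the split described above (not Adam's code, and not from any D library): the comment is stored verbatim through a parameterised statement at save time, then encoded at display time for each output context it lands in, while a toy strip_tags shows how deleting anything tag-shaped also mangles ordinary text. The sample comment and the function names are constructed for this example.

```python
import html
import json
import re
import sqlite3

# Constructed sample input (not from the thread): ordinary text that happens
# to contain angle brackets, plus a markup fragment.
SAMPLE_COMMENT = 'Note: 1 < 2 and 3 > 2 <b>bold</b> & done'


def strip_tags(text: str) -> str:
    """Toy strip_tags: deletes anything that looks like a tag.

    It is lossy: the '< 2 and 3 >' in ordinary prose is thrown away too,
    and what remains still has to be encoded before it can be displayed.
    """
    return re.sub(r"<[^>]*>", "", text)


def encode_for_html_body(text: str) -> str:
    """Encode for the HTML body or a double-quoted attribute value."""
    return html.escape(text, quote=True)


def encode_for_js_string(text: str) -> str:
    """Encode for a JavaScript string literal inside a <script> block.

    json.dumps yields a valid JS string literal; '<' and '>' are additionally
    escaped so the literal can never contain '</script>' and end the block.
    """
    return json.dumps(text).replace("<", "\\u003c").replace(">", "\\u003e")


def store_and_render(comment: str) -> dict:
    """Save the comment unchanged, then render it for several contexts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments(body TEXT)")
    # Save time: parameterised statement; the text is stored verbatim.
    conn.execute("INSERT INTO comments(body) VALUES (?)", (comment,))
    (stored,) = conn.execute("SELECT body FROM comments").fetchone()
    conn.close()
    # Display time: encode for the exact context the value is placed into.
    return {
        "stored": stored,
        "html": f"<p>{encode_for_html_body(stored)}</p>",
        "attribute": f'<input value="{encode_for_html_body(stored)}">',
        "script": f"<script>var c = {encode_for_js_string(stored)};</script>",
        "stripped": strip_tags(stored),
    }


if __name__ == "__main__":
    for context, rendered in store_and_render(SAMPLE_COMMENT).items():
        print(f"{context:9s} {rendered}")
```

The stored value keeps the user's original text, so it can later be shown in a plain-text e-mail, a JSON API or a page without having been damaged by a one-size-fits-all strip step; each renderer applies the encoding that its own context needs.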

