How to prevent XSS with HTML/PHP?

The short answer: pass any user-supplied data through htmlspecialchars() at the moment you output it into the HTML page. Encode on output rather than on input, so the stored value stays intact and every place that prints it gets the same protection.

The correct way to call it is:

echo htmlspecialchars($string, ENT_QUOTES, 'UTF-8');

ENT_QUOTES makes it encode single quotes as well as double quotes, so the value is also safe inside a single-quoted attribute; passing 'UTF-8' explicitly stops the result from depending on PHP's configured default charset. This covers HTML text and quoted attribute values; a value dropped into a JavaScript string, a URL query parameter or an unquoted attribute needs the encoding for that context instead.
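The vulnerable pattern beside the hardened one, as an added example that is not part of the original post. It uses only htmlspecialchars() as the post recommends; the helper name e(), the two render functions and the sample "user input" strings are this example's own choices.

```php
<?php
// Added example (not from the original post). The helper name e(), the render
// functions and the sample inputs are assumptions made for illustration.

declare(strict_types=1);

// Output-encode a string for an HTML body or a quoted attribute value.
// ENT_QUOTES escapes both " and ' so the value is safe inside single- or
// double-quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string, which would silently drop the output.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed "user input", standing in for $_GET['name'] or a database row.
$name  = '<script>alert(document.cookie)</script>';
$title = '" onmouseover="alert(1)';

// VULNERABLE: user input is concatenated straight into the markup.
function renderUnsafe(string $name, string $title): string
{
    return '<h1>Hello ' . $name . "</h1>\n"
         . '<input type="text" value="' . $title . '">';
}

// HARDENED: every user-controlled value passes through e() at the point of output.
function renderSafe(string $name, string $title): string
{
    return '<h1>Hello ' . e($name) . "</h1>\n"
         . '<input type="text" value="' . e($title) . '">';
}

echo "--- unsafe ---\n", renderUnsafe($name, $title), "\n";
// The unsafe output contains a live <script> tag and an injected onmouseover attribute.

echo "--- safe ---\n", renderSafe($name, $title), "\n";
// The safe output shows &lt;script&gt;...&lt;/script&gt; as text, and the
// attribute value stays inside its quotes as &quot; onmouseover=&quot;alert(1).
```

Run it with `php example.php` and compare the two blocks of output. Note that the check is purely about where the value lands: the same e() call does nothing useful for a value placed inside a `<script>` block or an href, because the browser parses those with different rules.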

Google Code University also has these very educational videos on Web Security:

  • How To Break Web Software – A look at security vulnerabilities in web software

  • What Every Engineer Needs to Know About Security and Where to Learn It
