How to safely output HTML from a PHP program?

You always want to HTML-encode things inside HTML attributes, which you can do with htmlspecialchars:

<span title="<?php echo htmlspecialchars($variable); ?>">

You probably want to set the second parameter ($quote_style) to ENT_QUOTES.

The only potential risk is that $variable may already be encoded, so you may want to set the last parameter ($double_encode) to false.

Related Contents:

  1. HTML,PHP – Escape ” symbols while echoing
  2. something wrong with replace string? [closed]
  3. No response to update query in oracle [closed]
  4. Grabbing the href attribute of an A element
  5. How to extract img src, title and alt from html using php? [duplicate]
  6. How do you parse and process HTML/XML in PHP?
  7. How to retrieve images from MySQL database and display in an html tag
  8. How can I echo HTML in PHP?
  9. Parse error: Syntax error, unexpected end of file in my PHP code
  10. dynamic drop down box?
  11. Seo Friendly URL results in CSS IMG and JS not working
  12. PHP: How do you determine every Nth iteration of a loop?
  13. How to escape strings in SQL Server using PHP?
  14. HTML/PHP – Form – Input as array
  15. Can HTML be embedded inside PHP “if” statement?
  16. How to remove both .php and .html extensions from url using NGINX?
  17. How do I get the HTML code of a web page in PHP?
  18. How can I replace newline or \r\n with ?
  19. Escaping single quote in PHP when inserting into MySQL [duplicate]
  20. Submit an HTML form with empty checkboxes
  21. Fetching data from MySQL database to html dropdown list
  22. Why is PDO better for escaping MySQL queries/querystrings than mysql_real_escape_string?
  23. How to parse HTML in PHP?
  24. HTML Scraping in Php [duplicate]
  25. How to force a file to download in PHP
  26. Can you put PHP inside PHP with echo? [closed]
  27. How to embed images in html email
  28. PHP POST not working
  29. jQuery AJAX form using mail() PHP script sends email, but POST data from HTML form is undefined
  30. PHP quotes inside quotes
  31. Equivalent of include() in HTML
  32. Convert PDF to HTML [closed]
  33. Dynamic table in HTML using MySQL and php
  34. How can we open a link in private browsing mode
  35. Creating dynamic tables in HTML using MySQL and PHP
  36. PHP HTML DOMDocument getElementById problems
  37. Send email with PHPMailer – embed image in body
  38. Using php to output an mp4 video
  39. php: Get html source code with cURL
  40. How to get int instead string from form?
  41. PHP Upload, extract and progressbar
  42. Do I need to escape backslashes in PHP?
  43. How to display XML in HTML in PHP?
  44. How to embed images in a single HTML / PHP file?
  45. Count and limit the number of files uploaded (HTML file input)
  46. Convert .doc to html in php [closed]
  47. Capture newline from a textarea input
  48. How can I view/open a word document in my browser using with PHP or HTML
  49. HTML Form POST to PHP page [closed]
  50. How to save webpage as a image file using PHP?

Leave a Comment