I have some variables in PHP (strings) and I vould like to check if inside of those strings I have some javascript code. If so, I would like to make this code inactive and be displayed as string on the website, not to be executed as javascript code.
This will be a kind of security method.
Is there a method to do it in php? If you could give me an example, it's even better.
Thank you very much for your help.
You should be using htmlspecialchars() for any content you output into HTML. It escapes any HTML entities so that they are not taken literally. For example, < becomes <. This also solves your problem.
http://php.net/manual/en/function.htmlspecialchars.php
In addition to Brad's answer, consider reading the first answer here for a short summary and then the therein mentioned article afterwards.
This can help you to easily avoid outputting unsafe strings by accident.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With