How can HTML output in text fields be prevented in PHP?

To prevent HTML output in text fields in PHP, you can use the htmlspecialchars function to escape special characters before displaying the input in the text field. This will ensure that any HTML tags or special characters are displayed as plain text and not rendered as HTML.

&lt;?php
$input = &quot;&lt;script&gt;alert(&#039;XSS attack&#039;);&lt;/script&gt;&quot;;
echo &#039;&lt;input type=&quot;text&quot; value=&quot;&#039; . htmlspecialchars($input) . &#039;&quot;&gt;&#039;;
?&gt;

Keywords

PHP htmlspecialchars XSS security input validation

How can HTML output in text fields be prevented in PHP?

Keywords

Related Questions