Is it best practice to apply htmlspecialchars using array_walk_recursive on all POST variables, except for passwords?
It is best practice to apply htmlspecialchars to all POST variables using array_walk_recursive, which helps prevent cross-site scripting (XSS) attacks by encoding special characters. Passwords, however, should not be encoded, because encoding may alter the input and cause login issues. With array_walk_recursive, we can easily loop through all POST variables and apply htmlspecialchars accordingly.
// Apply htmlspecialchars using array_walk_recursive on all POST variables, except for passwords
array_walk_recursive($_POST, function (&$item, $key) {
    if ($key !== 'password') {
        $item = htmlspecialchars($item, ENT_QUOTES);
    }
});
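The same idea as an added example (not code from the original page), extended to a case the snippet above does not cover: array_walk_recursive passes the callback each leaf's own key, so a password submitted as password[new] or password[confirm] arrives with the keys new and confirm and is encoded anyway. The helper name encode_except and the sample fields are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not from the original page. Returns an HTML-encoded copy
// of $input; any field named in $skipKeys, and everything nested under it, is
// copied through unchanged. The original array is not modified.
function encode_except(array $input, array $skipKeys = ['password']): array
{
    $out = [];
    foreach ($input as $key => $value) {
        if (in_array($key, $skipKeys, true)) {
            $out[$key] = $value;                       // raw, for password_verify()
        } elseif (is_array($value)) {
            $out[$key] = encode_except($value, $skipKeys);
        } else {
            $out[$key] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        }
    }
    return $out;
}

// Constructed sample standing in for $_POST.
$post = [
    'comment'  => '<b>hi</b> & "bye"',
    'tags'     => ['<a>', "it's"],
    'user'     => ['password' => 'p<ss&word'],           // user[password]
    'password' => ['new' => 'a&b', 'confirm' => 'a&b'],  // password[new], password[confirm]
];

// The page's snippet, run on a copy: the callback only sees each leaf's own key.
$walked = $post;
array_walk_recursive($walked, function (&$item, $key) {
    if ($key !== 'password') {
        $item = htmlspecialchars($item, ENT_QUOTES);
    }
});

$safe = encode_except($post);

// Print both results side by side for each top-level field.
foreach (['comment', 'tags', 'user', 'password'] as $field) {
    printf("%-8s walk=%s  helper=%s\n", $field,
        json_encode($walked[$field], JSON_UNESCAPED_SLASHES),
        json_encode($safe[$field], JSON_UNESCAPED_SLASHES));
}
```

Both approaches leave user[password] untouched, but the walk turns password[new] into a&amp;b while the helper keeps it as a&b.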