Sanitize url in PHP
Consider below url entered by user:
1. How to prevent loading JS contents in iframe?
What are ways to stop this type of cross-site scripting?
htmlentities or htmlspecialchars
Another thing, make sure you validate ALL input, especially anything that is accessible via a URL
<?php echo htmlentities($_GET['id']); ?>
<?php $validateId = (int)$_GET['id'];
echo $validateId; ?>
But how can I prevent execution of any JS function from url?
See my prior post, use htmlentities when you output anything you receive from a URL variable or a posted form.
Originally Posted by neel1979