Sanitize url in PHP

Consider below url entered by user:

  1. How to prevent loading JS contents in iframe?
  2. Is it possible to prevent url loading if it contains any javascript function?

What are ways to stop this type of cross-site scripting?


[fphp]htmlentities[/fphp] or [fphp]htmlspecialchars[/fphp]


<?php echo htmlentities($_GET['id']); ?>

Another thing, make sure you validate ALL input, especially anything that is accessible via a URL

<?php $validateId = (int)$_GET['id']; 
echo $validateId; ?>

But how can I prevent execution of any JS function from url?

See my prior post, use htmlentities when you output anything you receive from a URL variable or a posted form.