Why not use strip_tags() to prevent XSS attacks instead of htmlspecialchars()?

If I need to display $_GET values in templates, why not use strip_tags() to prevent XSS attacks instead of htmlspecialchars()?

strip_tags() removes content; htmlspecialchars() makes the content safe for insertion in an HTML context.
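The difference described in the answer above, as an added example that is not part of the original thread: it runs both functions over the same values and reports whether the text was altered and whether any character that can change HTML structure is still present. The sample values, `render_input()` and `has_html_metachar()` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample values standing in for $_GET['q'].
$samples = [
    'comparison' => 'a<b and c>d',          // legitimate text that looks like a tag
    'attribute'  => 'x" data-injected="1',  // no tags at all, only a double quote
    'markup'     => '<b>bold</b> text',     // ordinary inline markup
];

// Hypothetical template fragment: the value lands inside a quoted attribute.
function render_input(string $value): string
{
    return '<input name="q" value="' . $value . '">';
}

// True when the value still holds a character that can change HTML structure.
function has_html_metachar(string $value): bool
{
    return strpbrk($value, '<>"\'') !== false;
}

foreach ($samples as $name => $raw) {
    // Removal: deletes whatever parses as a tag, leaves quotes untouched.
    $stripped = strip_tags($raw);
    // Encoding: keeps every character, rewritten as an entity where needed.
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    printf("[%s] raw: %s\n", $name, $raw);
    printf("  strip_tags:       %s\n", render_input($stripped));
    printf(
        "    text altered: %s, metachar left: %s\n",
        $stripped !== $raw ? 'yes' : 'no',
        has_html_metachar($stripped) ? 'yes' : 'no'
    );
    printf("  htmlspecialchars: %s\n", render_input($escaped));
    printf(
        "    decodes back to input: %s, metachar left: %s\n",
        htmlspecialchars_decode($escaped, ENT_QUOTES) === $raw ? 'yes' : 'no',
        has_html_metachar($escaped) ? 'yes' : 'no'
    );
}
```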
