If I need to display $_GET values in templates, why not use strip_tags() to prevent XSS attacks instead of htmlspecialchars()?
strip_tags() removes content; htmlspecialchars() makes the content safe for insertion in an HTML context.
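The difference described in the answer above, as an added example that is not part of the original thread: it runs both functions over the same values and checks whether the result could still open a tag or close a quoted attribute. The helper names `e()` and `isInert()` and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample values standing in for $_GET['q']; none come from the thread.
$samples = [
    'plain text'      => 'hello world',
    'looks like tag'  => 'price <b 100 and qty > 2',
    'real markup'     => '<em>hi</em> there',
    'quote in value'  => 'x" data-injected="1',
];

/** Hypothetical helper: escape a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical check: true when no character remains that can open a tag
 *  or terminate a quoted attribute value. */
function isInert(string $rendered): bool
{
    return strpbrk($rendered, '<>"\'') === false;
}

foreach ($samples as $label => $raw) {
    // strip_tags() deletes anything it parses as a tag. It does not encode
    // quotes, and it can drop text that merely resembles a tag.
    $stripped = strip_tags($raw);

    // Escaping keeps every character of the input; decoding gives it back.
    $escaped   = e($raw);
    $roundTrip = htmlspecialchars_decode($escaped, ENT_QUOTES) === $raw;

    printf(
        "%s\n  strip_tags: %s | inert=%s | input preserved=%s\n"
        . "  escaped:    %s | inert=%s | input preserved=%s\n",
        $label,
        $stripped,
        var_export(isInert($stripped), true),
        var_export($stripped === $raw, true),
        $escaped,
        var_export(isInert($escaped), true),
        var_export($roundTrip, true)
    );
}
```

In a template the escaped form is what gets echoed, for example inside a quoted attribute such as `value="<?= e($q) ?>"`.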