Getting Started
Nature and Scope of the Problem
Understanding Filtering, Validation, and Output Escaping
Preventing the Most Common Forms of Attack
Protecting Against Common Website Vulnerabilities
Protecting Against SQL Injection Attacks
About the Author
What are the most common PHP output escaping functions?
htmlentities()
Converts each character that has an HTML entity equivalent into that entity
Example: < becomes &lt;
htmlspecialchars()
Subset of htmlentities()
Faster but not as thorough
Converts 5 characters
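The difference between the two functions, as an added example that is not part of the original material: it escapes one constructed input with both and lists which characters each one rewrote. The helper names, the sample strings and the choice of ENT_QUOTES | ENT_SUBSTITUTE with an explicit UTF-8 charset are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Constructed sample of untrusted input: markup, both quote styles,
// an ampersand and a non-ASCII letter.
$input = '<a href="x" title=\'Café & Bar\'>menu</a>';

// ENT_QUOTES escapes both ' and ", so the result is safe inside an
// attribute quoted either way. ENT_SUBSTITUTE replaces invalid byte
// sequences with U+FFFD instead of returning an empty string.
const ESCAPE_FLAGS = ENT_QUOTES | ENT_SUBSTITUTE;

function escapeSpecial(string $s): string
{
    return htmlspecialchars($s, ESCAPE_FLAGS, 'UTF-8');
}

function escapeAll(string $s): string
{
    return htmlentities($s, ESCAPE_FLAGS, 'UTF-8');
}

// Returns the distinct characters of $s that $escape rewrote, mapped
// to their replacements.
function convertedChars(string $s, callable $escape): array
{
    $changed = [];
    foreach (preg_split('//u', $s, -1, PREG_SPLIT_NO_EMPTY) as $ch) {
        $out = $escape($ch);
        if ($out !== $ch) {
            $changed[$ch] = $out;
        }
    }
    return $changed;
}

foreach (['escapeSpecial', 'escapeAll'] as $fn) {
    echo $fn, ': ', $fn($input), "\n";
    foreach (convertedChars($input, $fn) as $from => $to) {
        echo "  $from => $to\n";
    }
}

// Constructed invalid UTF-8 (a lone Latin-1 byte). Without
// ENT_SUBSTITUTE the whole string is dropped; with it, only the bad
// byte is replaced and the markup is still escaped.
$broken = "caf\xE9 <b>";
var_dump(htmlspecialchars($broken, ENT_QUOTES, 'UTF-8'));
var_dump(escapeSpecial($broken));
```

Both functions neutralise the markup-significant characters; the extra conversions made by htmlentities() affect how other characters are encoded, not whether the output can break out of the HTML context.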