html_escape
— Escape a value to display properly as HTML.
Summary
- html_escape($value)
Escape a value to display properly as HTML.
This uses the ‘html_escape’ filter for escaping.
- Parameters:
$value (string)
- Returns:
string
Usage
To avoid Cross Site Scripting attacks, any data coming from a client ($_GET, $_POST, etc.) should be escaped.
Examples
<?php echo html_escape($_GET['search_text']); ?>
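The following is an added example, not part of the original documentation: it reflects a search term in both element text and a quoted attribute value, and handles the case where the request parameter arrives as an array instead of the string that html_escape() expects. Assumptions: the stand-in html_escape() (defined only when the real one is absent) is taken to behave like htmlspecialchars() with ENT_QUOTES and UTF-8, request_string() and render_search() are hypothetical helper names, and the sample inputs are constructed.

```php
<?php
// Stand-in so the example runs without the framework (assumption: the real
// html_escape() behaves like htmlspecialchars() with ENT_QUOTES and UTF-8).
if (!function_exists('html_escape')) {
    function html_escape($value)
    {
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
}

// Hypothetical helper: return a request parameter as a string.
// ?search_text[]=x makes PHP hand back an array, which is not a valid
// argument for a string escaper, so anything non-string becomes ''.
function request_string(array $source, $key)
{
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
}

// Hypothetical helper: reflect the search text in element text and in a
// quoted attribute value, escaping at the point of output.
function render_search(array $query)
{
    $text = html_escape(request_string($query, 'search_text'));
    return '<p>Results for: ' . $text . '</p>' . "\n"
         . '<input type="text" name="search_text" value="' . $text . '">' . "\n";
}

// Constructed sample inputs standing in for $_GET.
$samples = array(
    array('search_text' => 'maps & atlases'),
    array('search_text' => '"><script>alert(1)</script>'),
    array('search_text' => array('unexpected', 'array')),
);

foreach ($samples as $query) {
    echo render_search($query), "\n";
}
```

The attribute value is wrapped in double quotes in the template; entity escaping only protects an attribute when the attribute is quoted.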