html_escape
Summary
- html_escape(string $value)
Escape the value to display properly as HTML.
This uses the ‘html_escape’ filter for escaping.
Parameters: - $value (string) –
Returns: string
Usage
To avoid cross-site scripting (XSS) attacks, any data coming from a client ($_GET, $_POST, etc.) should be escaped before it is displayed as HTML.
Examples
<?php echo html_escape($_GET['search_text']); ?>
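A fuller version of the search example, added here and not taken from the project's code: it echoes the submitted text back into both a form field and the page body, and handles a missing or non-string parameter. The `$request` array is constructed sample input, and the `html_escape()` stand-in built on `htmlspecialchars()` is an assumption that only lets the snippet run outside the application.

```php
<?php
// Stand-in so the example runs outside the application. This is an assumption,
// not the project's implementation; inside the application the real
// html_escape() is already defined and this block is skipped.
if (!function_exists('html_escape')) {
    function html_escape($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample request data; a real template would read $_GET instead.
$request = ['search_text' => '"><script>alert(1)</script>'];

// The parameter may be absent, or an array (?search_text[]=x). Fall back to
// an empty string in both cases so html_escape() always receives a string.
$search = isset($request['search_text']) ? $request['search_text'] : '';
if (!is_string($search)) {
    $search = '';
}
?>
<form method="get" action="">
  <!-- Quoted attribute value: escape the data and always keep the quotes. -->
  <input type="text" name="search_text" value="<?php echo html_escape($search); ?>">
  <input type="submit" value="Search">
</form>
<!-- Element text: the same escaping applies. -->
<p>Results for: <?php echo html_escape($search); ?></p>
```

HTML escaping covers element text and quoted attribute values. Data written into a script block or a URL needs the encoding for that context instead.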