html_escape

Text-related functions

Summary

html_escape(string $value)

Escape the value to display properly as HTML.

This uses the ‘html_escape’ filter for escaping.

Parameters:
  • $value (string) –
Returns:

string

Usage

To avoid cross-site scripting (XSS) attacks, any data coming from a client ($_GET, $_POST, etc.) should be escaped.

Examples

<?php echo html_escape($_GET['search_text']); ?>
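The usage above in a small template, as an added example that is not part of the Omeka documentation or code base. It also handles the case where `$_GET['search_text']` is missing or arrives as an array rather than a string. The stand-in `html_escape()` (assumed here to behave like `htmlspecialchars()`), `query_string_param()` and `render_search_header()` are hypothetical names used for illustration.

```php
<?php
// Added example, not Omeka code. Stand-in so the file runs outside Omeka;
// assumption: the real html_escape() behaves like htmlspecialchars() here.
if (!function_exists('html_escape')) {
    function html_escape($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Hypothetical helper: read one query parameter as a string.
// A request such as ?search_text[]=x makes PHP deliver an array,
// and the key may be absent altogether; both become ''.
function query_string_param(array $query, $name)
{
    $value = isset($query[$name]) ? $query[$name] : '';
    return is_string($value) ? $value : '';
}

// Hypothetical template: the client value is written into element text
// and into a quoted attribute, escaped once at the point of output.
function render_search_header(array $query)
{
    $text = html_escape(query_string_param($query, 'search_text'));
    return '<h2>Results for: ' . $text . '</h2>' . "\n"
         . '<input type="text" name="search_text" value="' . $text . '">' . "\n";
}

// Constructed inputs standing in for $_GET.
$samples = array(
    'plain'   => array('search_text' => 'maps & atlases'),
    'markup'  => array('search_text' => '"><script>alert(1)</script>'),
    'array'   => array('search_text' => array('x')),
    'missing' => array(),
);

foreach ($samples as $label => $query) {
    echo "--- $label ---\n", render_search_header($query);
}
```

The attribute value is safe only because it is wrapped in quotes; HTML escaping does not protect unquoted attributes, URLs or inline JavaScript.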

See Also