Does this depend on if the input is going to be printed to the user? In my case I need to return the input back to the user (comments and bio).
Thanks!!!
htmlspecialchars() is enough to prevent XSS.

Strip tags removes tags but not special characters like " or ', so if you use strip_tags() you also have to use htmlspecialchars().
If you want users' comments to be displayed like they typed them, don't use strip_tags, use htmlspecialchars() only.
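As an added illustration (not code from the answer above), the following PHP script runs both functions over a constructed comment string and shows the difference the answer describes: strip_tags() drops the tags but leaves the quotes and ampersand, while htmlspecialchars() keeps the text as typed and encodes the characters the HTML parser cares about. ENT_QUOTES is passed explicitly because PHP releases before 8.1 default to ENT_COMPAT, which leaves the single quote unencoded; the sample comment and the attribute rendering at the end are constructed for this example.

```php
<?php
// Added example (not from the original answer): compares strip_tags() and
// htmlspecialchars() on a constructed comment, and shows why the leftover
// quotes matter once the value is placed inside an HTML attribute.

// Constructed sample input, as a user might submit it in a comment field.
$comment = '<b>Hi</b> "friend" & it\'s <script>alert(1)</script>';

// strip_tags(): removes the tags, but leaves ", ' and & untouched.
$stripped = strip_tags($comment);

// htmlspecialchars(): keeps the text as typed and encodes < > & " '.
// ENT_QUOTES is given explicitly because PHP < 8.1 defaults to ENT_COMPAT,
// which does not encode the single quote; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
$escaped = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Both, as the answer suggests when strip_tags() is used at all:
// tags gone, and the remaining special characters still encoded.
$both = htmlspecialchars($stripped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

function render(string $label, string $value): void
{
    echo str_pad($label, 11), ': ', $value, PHP_EOL;
}

render('original', $comment);
render('strip_tags', $stripped);   // Hi "friend" & it's alert(1)
render('escaped', $escaped);       // &lt;b&gt;Hi&lt;/b&gt; &quot;friend&quot; &amp; it&#039;s ...
render('both', $both);             // Hi &quot;friend&quot; &amp; it&#039;s alert(1)

// Where the quote handling matters: the same value inside a quoted attribute.
// With strip_tags() only, the " in the comment ends the attribute value early,
// so the rest of the text is parsed as markup rather than as the value.
echo '<input value="', $stripped, '">', PHP_EOL;
// With htmlspecialchars(), the quote stays inside the attribute as &quot;.
echo '<input value="', $escaped, '">', PHP_EOL;
```

The last two lines are the practical check: render the user-supplied value into the exact HTML context it will occupy (text node, quoted attribute) and confirm that none of the characters that close that context survive unencoded.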