I have a page, where I have approximately 90 items I need to output. Most of them are object properties (I am using ORM so these objects map to my database tables). But the question is, do I have to encode each of those开发者_Go百科 90 outputs by applying functions to each (in my case, the htmlspecialchars)? Wouldn't that add a bit of an overhead (calling a single function 90 times)?
EDIT: The term is "output encoding"...hehe
Someone will, at some point, enter data that can mess up your HTML page. They may do this accidentally (the company name has an ">" in it), or intentionally (see XSS).
So, yes, always properly encode output.
 
         
                                         
                                         
                                         
                                        ![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif) 
                                         
                                         
                                         
                                         加载中,请稍侯......
 加载中,请稍侯......
      
精彩评论