Example..
HTML :
<input type="hidden" value="">
PHP :
<input type="hidden" value="<?php echo $value;?>">
jQuery :
$("input:hidden").val(text);
If text
(JS variable) is free text, All html special characters allowed (like single quote / double quote) and save to input:hidden
(so submit by PHP)
What is a correctly way to do ?
May I use
echo htmlentities($value);
... in PHP
or replace quotes in jQuery like .val(text.replace(/'/g,"'"))
or what ?
PS : Please think about when I set value to input to save value with jQuery too.
Converting to htmlentities should work fine.
You can also use strip_tags if you want to remove all HTML tags :
Note: this will NOT stop all XSS attacks
If you want to echo a PHP variable into some HTML, use:
<input type="hidden" value="<?php echo htmlspecialchars($value); ?>">
http://php.net/manual/en/function.htmlspecialchars.php
If you want to echo a PHP variable into some JavaScript, use:
<?php echo json_encode($value); ?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.