20 June 2025

This snippet escapes a value before placing it inside an HTML attribute, using PHP's htmlspecialchars(). The function converts special characters (double and single quotes, angle brackets and ampersands) into their corresponding HTML entities, so the browser renders them as text instead of interpreting them as markup or JavaScript. Applied consistently to untrusted data that lands in HTML, this is a primary defence against cross-site scripting (XSS).

// $userInput holds an untrusted value (for example from a request parameter).
$userInput = $_GET['name'] ?? '';

// ENT_QUOTES encodes both " and ' so the value cannot break out of a quoted attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning an empty string.
$escaped = htmlspecialchars($userInput, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo '<input value="' . $escaped . '">';
Programming Language: PHP
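As an added example (not part of the original snippet), the following script wraps the same call in a small helper and contrasts it with the weaker ENT_COMPAT flag, which leaves single quotes untouched and therefore does not protect a single-quoted attribute. The input string and the function names renderInput() and renderInputCompat() are constructed for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Build an <input> element with an untrusted value in a double-quoted attribute.
 * ENT_QUOTES encodes both quote styles, ENT_SUBSTITUTE handles malformed UTF-8,
 * and the explicit charset avoids relying on the default_charset ini setting.
 */
function renderInput(string $untrusted): string
{
    $escaped = htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input value="' . $escaped . '">';
}

/**
 * Weaker variant for comparison: ENT_COMPAT encodes only double quotes.
 * It is adequate for a double-quoted attribute, but a single-quoted attribute
 * (value='...') could be terminated early by an apostrophe in the input.
 */
function renderInputCompat(string $untrusted): string
{
    $escaped = htmlspecialchars($untrusted, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8');
    return "<input value='" . $escaped . "'>";
}

// Constructed sample input containing every character the escaper must neutralise.
$sample = 'O\'Reilly "Bob" <b>&co</b>';

// Expected (ENT_HTML401 default doctype encodes the apostrophe as &#039;):
// <input value="O&#039;Reilly &quot;Bob&quot; &lt;b&gt;&amp;co&lt;/b&gt;">
echo renderInput($sample), PHP_EOL;

// The apostrophe survives unencoded here, which is why ENT_QUOTES is the safer choice:
// <input value='O'Reilly &quot;Bob&quot; &lt;b&gt;&amp;co&lt;/b&gt;'>
echo renderInputCompat($sample), PHP_EOL;

// Malformed UTF-8: with ENT_SUBSTITUTE the bad byte becomes U+FFFD instead of
// the whole string silently collapsing to "" (the behaviour without that flag).
$malformed = "caf\xC3"; // truncated multi-byte sequence, constructed on purpose
echo renderInput($malformed), PHP_EOL;
```

Note that htmlspecialchars() is the right tool only for text nodes and quoted attribute values. Values that end up inside a script block, a URL (href/src) or an unquoted attribute need context-specific encoding in addition to, or instead of, this call.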