Monday, July 12, 2021

How to tell if a string has been passed through htmlentities in PHP? And it needs html_entity_decode?

We save data in our DB after passing it via htmlentities method to avoid any injection attacks.

And while using it back, we do html_entity_decode to get back the original value. In some cases in our code, the htmlentities is done 2-3 times on the same piece of data due to our saving techniques (hard to explain). So we basically want to avoid encoding the same strings multiple times.

Is there a good reliable way to detect if a string has been passed via htmlentities method already?

I guess one way is to check for stuff like &quot; in the encoded string, but anything more reliable? Any built-in method that just tells me if a string is encoded or not?

We are using Laravel, maybe a helper method in there that could help us?



via Chebli Mohamed
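
The double-encoding problem described in the question, as an added example that is not part of the original post: it shows why a "decode and compare" check cannot reliably tell encoded data from raw text that contains entity syntax, and how the `double_encode` parameter of `htmlentities` makes a repeated pass harmless. The helper names and sample strings are constructed for illustration.

```php
<?php
// Added example: helper names and sample strings are constructed for illustration.
const FLAGS = ENT_QUOTES | ENT_SUBSTITUTE;

// Heuristic check: treat a string as "encoded" if decoding changes it.
function looksEntityEncoded(string $s): bool
{
    return html_entity_decode($s, FLAGS, 'UTF-8') !== $s;
}

// Count how many decode passes are needed before the string stops changing.
function encodingDepth(string $s, int $maxPasses = 5): int
{
    $depth = 0;
    while ($depth < $maxPasses) {
        $decoded = html_entity_decode($s, FLAGS, 'UTF-8');
        if ($decoded === $s) {
            break;
        }
        $s = $decoded;
        $depth++;
    }
    return $depth;
}

// Encode for HTML output without re-encoding entities that are already present
// (the fourth argument is htmlentities' double_encode parameter).
function encodeOnce(string $s): string
{
    return htmlentities($s, FLAGS, 'UTF-8', false);
}

$raw   = 'Tom & "Jerry" <b>';                  // constructed raw input
$once  = htmlentities($raw, FLAGS, 'UTF-8');   // normal single pass
$twice = htmlentities($once, FLAGS, 'UTF-8');  // the accidental second pass

// Depth of the raw, once-encoded and twice-encoded values.
var_dump(encodingDepth($raw), encodingDepth($once), encodingDepth($twice));

// Compare a repeated encodeOnce() pass against the single-pass value.
var_dump(encodeOnce($once) === $once);

// Ambiguous case: raw text that legitimately contains entity syntax and was
// never passed through htmlentities. The heuristic cannot tell the difference.
$tutorial = 'Write &amp; to display an ampersand'; // constructed raw input
var_dump(looksEntityEncoded($tutorial));

// With double_encode disabled the literal "&amp;" is left alone, so the page
// shows "&" where the user typed "&amp;"; the default pass preserves it.
var_dump(encodeOnce($tutorial) === htmlentities($tutorial, FLAGS, 'UTF-8'));
```

Because the ambiguous case cannot be resolved from the string alone, the dependable approach is to store the raw value and encode exactly once, at the point where it is written into HTML.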
