We save data in our DB after passing it via htmlentities method to avoid any injection attacks.
And while using it back, we do html_entity_decode to get back the original value. In some cases in our code, the htmlentities is done 2-3 times on the same piece of data due to our saving techniques (hard to explain). So we basically want to avoid encoding the same strings multiple times.
Is there a good reliable way to detect if a string has been passed via htmlentities method already?
I guess one way is to check for stuff like &quot; in the encoded string, but anything more reliable? Any built-in method that just tells me if a string is encoded or not?
We are using Laravel, maybe a helper method in there that could help us?
via Chebli Mohamed
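
An added example, not part of the original post: it shows the double encoding described in the question, a decode-and-compare check, and the double_encode argument of PHP's htmlentities. The function names looks_entity_encoded and encode_once are hypothetical and the sample strings are constructed.

```php
<?php
// Added illustration; helper names are hypothetical, inputs are constructed.
const FLAGS = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

// Heuristic check: decoding only changes a string that contains
// at least one well-formed entity.
function looks_entity_encoded(string $s): bool
{
    return html_entity_decode($s, FLAGS, 'UTF-8') !== $s;
}

// Encode, but leave entities that are already present untouched
// (fourth argument double_encode = false).
function encode_once(string $s): string
{
    return htmlentities($s, FLAGS, 'UTF-8', false);
}

$raw   = 'Tom & "Jerry" <b>';                 // constructed raw input
$once  = htmlentities($raw, FLAGS, 'UTF-8');  // encoded one time
$twice = htmlentities($once, FLAGS, 'UTF-8'); // the accidental second pass

// The second pass encodes the ampersands of the first pass again,
// so a single decode no longer returns the original value.
var_dump(html_entity_decode($twice, FLAGS, 'UTF-8') === $raw);

// With double_encode = false, repeated passes are stable.
var_dump(encode_once($once) === $once);
var_dump(encode_once(encode_once($raw)) === $once);

// The heuristic separates these two constructed strings.
var_dump(looks_entity_encoded($raw));
var_dump(looks_entity_encoded($once));

// Failure mode: raw input that legitimately contains entity text.
$literal = 'Write &amp; to show an ampersand'; // constructed, NOT yet encoded
var_dump(looks_entity_encoded($literal));      // reported as "already encoded"

// encode_once() leaves "&amp;" alone, so decoding on read
// does not give back what the user typed.
$stored = encode_once($literal);
var_dump(html_entity_decode($stored, FLAGS, 'UTF-8') === $literal);
```

The last case is the limit of any such check: a raw string that happens to contain entity text cannot be told apart from one that has already been encoded.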