Prevent XSS Attacks. Escape Strings in PHP
Here’s how to prevent XSS attacks by escaping output in PHP:

Here’s the code I used in the video:

What Is XSS?

XSS stands for cross-site scripting and it refers to a type of attack where a hacker injects malicious client-side code into the output of your page. Applications that don’t escape their output are vulnerable to this type of attack.

XSS Example

A simple example is a blog comment. If not properly escaped, an attacker could enter (for example) JavaScript code into the blog comment. That code would be stored in the database, output to the page when loaded,