Hello lovely people of StackOverflow,
I built an application to store movies, so I can search for them at a later time. All is working, but I'm trying to prevent XSS. I've looked at the W3Schools htmlspecialchars page, but the problem I'm running into is that I'm returning multiple fields in the results, such as "Keywords", "Category", "Date Saved" and "Website".
I can prevent XSS on only one field, but then the rest of the fields don't return any data.
Here is the code that echoes the data from the database:
// Original, unescaped output: every $results value is inserted into the HTML as-is.
echo "<tr align='center' bgcolor='#0f7ea3'>
    <td height='25px'>" . $results['Website'] . "</td>
    <td>" . $results['Keywords'] . "</td>
    <td>" . $results['Category'] . "</td>
    <td>" . $results['Date Saved'] . "</td>
    <td> <a href='" . $results['Website'] . "'>Click To Access Your Link</a></td>
</tr>";
Hopefully I've explained my issue correctly.
Thanks
This is an update to the suggestion provided by "nobody"
The code provided was accurate except for the "." placement. Other than that, the code worked perfectly.
Suggested:
<td>"htmlspecialchars(.$results['Date Saved'], ENT_QUOTES)."</td>
Correct Code:
<td>".htmlspecialchars($results['Date Saved'], ENT_QUOTES)."</td>
Complete Working Code:
// Every field is passed through htmlspecialchars() before it is concatenated into the markup.
// ENT_QUOTES is needed because the attributes above are single-quoted.
echo "<tr align='center' bgcolor='#0f7ea3'>
    <td height='25px'>" . htmlspecialchars($results['Website'], ENT_QUOTES) . "</td>
    <td>" . htmlspecialchars($results['Keywords'], ENT_QUOTES) . "</td>
    <td>" . htmlspecialchars($results['Category'], ENT_QUOTES) . "</td>
    <td>" . htmlspecialchars($results['Date Saved'], ENT_QUOTES) . "</td>
    <td> <a href='" . htmlspecialchars($results['Website'], ENT_QUOTES) . "'>Click To Access Your Link</a></td>
</tr>";
Thank you so much.
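The accepted fix above escapes each field correctly for HTML text and quoted attributes, but one caveat matters for the last column: htmlspecialchars() only neutralises HTML metacharacters, so a stored Website value such as javascript:alert(1) contains nothing to escape and still executes when the link is clicked. The following is an added example, not code from the original question or answer, that wraps the same escaping in a helper, pins the charset and flags explicitly, and validates the URL scheme before it goes into href=. The function names h(), safeUrl() and renderRow(), and the sample $rows, are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). h(), safeUrl(), renderRow()
// and the $rows data below are assumed names and constructed input.

// Escape a value for HTML text content or a quoted attribute.
// ENT_QUOTES   : escape both ' and " (the table uses single-quoted attributes).
// ENT_SUBSTITUTE: replace invalid UTF-8 instead of returning '' and blanking the cell.
// 'UTF-8'      : do not depend on the default_charset ini setting.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Escaping does not make a value safe as a link target: "javascript:alert(1)"
// has no HTML metacharacters, survives htmlspecialchars() unchanged, and runs
// on click. Allow only absolute http/https URLs with a host; reject the rest.
function safeUrl($value): ?string
{
    $value = trim((string) $value);
    $parts = parse_url($value);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $value;
}

// Build one table row; every field is escaped and the href is validated first.
function renderRow(array $results): string
{
    $url  = safeUrl($results['Website']);
    $link = $url === null
        ? 'Link not available'
        : "<a href='" . h($url) . "'>Click To Access Your Link</a>";

    return "<tr align='center' bgcolor='#0f7ea3'>\n"
        . "    <td height='25px'>" . h($results['Website']) . "</td>\n"
        . "    <td>" . h($results['Keywords']) . "</td>\n"
        . "    <td>" . h($results['Category']) . "</td>\n"
        . "    <td>" . h($results['Date Saved']) . "</td>\n"
        . "    <td> " . $link . "</td>\n"
        . "</tr>\n";
}

// Constructed sample rows: one normal entry and two hostile ones that would
// otherwise break out of the cell, the attribute, or abuse the link scheme.
$rows = [
    ['Website' => 'https://example.com/movie', 'Keywords' => 'drama',
     'Category' => 'Film', 'Date Saved' => '2024-01-01'],
    ['Website' => "' onmouseover='alert(1)", 'Keywords' => '<script>alert(1)</script>',
     'Category' => '"><img src=x onerror=alert(1)>', 'Date Saved' => '2024-01-02'],
    ['Website' => 'javascript:alert(document.cookie)', 'Keywords' => 'phish',
     'Category' => 'Film', 'Date Saved' => '2024-01-03'],
];

foreach ($rows as $row) {
    echo renderRow($row);
}
```

In the second row the quote and angle brackets come out as &apos;, &lt; and &gt;, so the payloads render as visible text; in the third row safeUrl() returns null and the link is replaced by plain text, while the raw value is still shown (escaped) in the Website column. The same h() helper can be reused for any new field added to the query, which is the original problem of having many columns to protect.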