Given the following two HTML/PHP snippets:
<input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>" />
and
<textarea name="content"><?php echo $_POST['content']; ?></textarea>
what character encoding do I need to use for the echoed $_POST variables? Can I use any built-in PHP functions?
Please assume that the $_POST values have not been encoded at all yet. No magic quotes - no nothing.
Use htmlspecialchars($_POST['firstname']) and htmlspecialchars($_POST['content']).
Always escape strings with htmlspecialchars() before showing them to the user.