Bird
0
0

How can you safely handle user input from a form to prevent cross-site scripting (XSS) attacks in PHP?

hard📝 Application Q9 of 15
PHP - Superglobals and Web Context
How can you safely handle user input from a form to prevent cross-site scripting (XSS) attacks in PHP?
AUse htmlspecialchars() on form input before output
BUse $_POST without any filtering
CUse strip_tags() only on numeric inputs
DTrust input if form uses POST method
Step-by-Step Solution
Solution:

  1. Step 1: Understand XSS risk

    User input can contain harmful HTML or scripts that run in browsers.

  2. Step 2: Use htmlspecialchars() to encode special characters

    This converts HTML tags to safe text preventing script execution.

  3. Final Answer:

    Use htmlspecialchars() on form input before output -> Option A

  4. Quick Check:

    Encode output with htmlspecialchars() to prevent XSS [OK]
Quick Trick: Always encode output with htmlspecialchars() to prevent XSS [OK]
Common Mistakes:
  • Not encoding output
  • Trusting POST data blindly
  • Using strip_tags() incorrectly

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More PHP Quizzes
Array Functions - Array chunk and pad - Quiz 5medium Array Functions - Array walk function - Quiz 14medium Array Functions - Array chunk and pad - Quiz 15hard Classes and Objects - Access modifiers (public, private, protected) - Quiz 1easy File Handling - File existence and info checks - Quiz 10hard Inheritance and Polymorphism - Method overriding - Quiz 10hard Inheritance and Polymorphism - Abstract classes and methods - Quiz 7medium Inheritance and Polymorphism - Why inheritance is needed - Quiz 10hard Interfaces and Traits - Why interfaces are needed - Quiz 9hard Interfaces and Traits - Multiple trait usage - Quiz 11easy