- filter_var: documentation ( source)
- htmlentities: documentation ( source)
- printf: documentation ( source)
<?php
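/**
 * Escape a string for insertion into HTML text or a quoted HTML attribute.
 *
 * The flags and charset are passed explicitly rather than relying on defaults:
 * before PHP 8.1 htmlentities() defaulted to ENT_COMPAT, which leaves single
 * quotes unescaped and so lets a value break out of a single-quoted attribute;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string;
 * pinning 'UTF-8' keeps the result independent of the default_charset ini.
 *
 * This is HTML-context escaping only. It does NOT make a value safe as a URL:
 * a "javascript:" scheme passes through untouched, so anything placed in an
 * href must additionally be validated (scheme allow-list) by the caller.
 *
 * @param string $var Untrusted text.
 * @return string The text with &, <, >, " and ' converted to entities.
 */
function safeHTML(string $var): string
{
    return htmlentities($var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}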
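// Demo payload: a percent-encoded attempt to close the surrounding anchor and
// open a javascript: link. It passes FILTER_VALIDATE_URL (http scheme with a
// host), so output-time escaping is what keeps it inert, not the URL filter.
$link = "http://toto.com/%3C%2Fa%3E%3Ca%20href%3Djavascript%3Aalert(1)%3B";

if ($link === null)
{
    // Unreachable with the literal above; kept for callers that source $link
    // from request input. The placeholder is a harmless, scheme-only URL.
    $link = 'http://';
    printf("NULL !");
}
else
{
    // FILTER_VALIDATE_URL does not restrict the scheme: any scheme carrying a
    // host component passes (e.g. ftp://, javascript://host/...), so a value
    // destined for an href is additionally allow-listed to http(s). The scheme
    // is lower-cased because parse_url() preserves the input's case.
    $scheme = strtolower((string) parse_url($link, PHP_URL_SCHEME));
    $isValid = filter_var($link, FILTER_VALIDATE_URL) !== false
        && in_array($scheme, ['http', 'https'], true);

    if (!$isValid)
    {
        // Reporting the error alone would leave the validation without effect,
        // since the rejected value would still be emitted below. Replace it
        // with the same inert placeholder used for the null case.
        printf("ERROR !");
        $link = 'http://';
    }
}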
// NOTE(review): this line is not valid output code as written — `toto` is an
// undefined constant and nothing is echoed, so PHP 8 raises an Error here. It
// reads like markup stripped by extraction (presumably an anchor tag whose
// href echoes safeHTML($link), with "toto" as the link text); confirm against
// the original page. If it is an href, safeHTML() alone does not neutralise a
// javascript: URL — the scheme must have been validated before this point.
toto.safeHTML($link).toto
?>