PHP beginner: what's the best way to sanitize text when fetched from the database? Using both strip_taps and htmlspecialchars? I want to sanitize the text but make sure some tags are not turned into HTML entities like <a> and <li>

This page summarizes the projects mentioned and recommended in the original post on /r/PHPhelp
Security Markup

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • HTML Purifier

    Standards compliant HTML filter written in PHP

    • Use http://htmlpurifier.org/ its pretty battle tested and highly configurable.

  • PHP Markdown

    Parser for Markdown and Markdown Extra derived from the original Markdown.pl by John Gruber.

    • All joking aside, please sanitize on input, not output. As far as the second part of your question goes, there is no built in partial strip_tags function. The safest thing to do would be to continue using strip_tags on insert in conjunction with something like markdown to convert to the allowed HTML entities.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts