Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Build a Basic PHP Website (2018) Enhancing a Form Escaping Output

Mayur Pande
PLUS
Mayur Pande
Courses Plus Student 11,711 Points

Surely then we would need to escape the outputs on all fields?

As this is the case with malicious code. Surely we would need to escape the output on all the other form fields i.e. name, email, title, year etc. Am I correct in thinking this?

Pauline Orr
Pauline Orr
15,321 Points

I am wondering this too

Can someone answer this question ? Thank you!!

1 Answer

Aurelien Roux
Aurelien Roux
25,567 Points

I'm not 100% sure but it seems to be a good practice to do both (filtering inputs and escaping outputs).

I found this article that gets in the details and show examples https://www.inanimatt.com/php-output-escaping.html