Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Build a Basic PHP Website (2018) Enhancing a Form Escaping Output

György Varga
György Varga
19,198 Points
Posted by György Varga
György Varga
19,198 Points

Why $_POST?

Hi!

Why we use htmlspecialchars($_POST["details"])? why not we use simply htmlspecialchars($details)?

Thank for your help!

2 Answers

Corey Cramer
Corey Cramer
9,453 Points

It was done for the sake of example. At the start of the video Ms. Holligan says "However, we're not always applying this amount of control to the data upfront"

jlampstack
jlampstack
23,932 Points
jlampstack
jlampstack
23,932 Points

I was wondering this same question as György Varga . I did notice thru experimenting htmlspecialchars($details); and htmlspecialchars($_POST['details']); displays the data differently.

EXAMPLE: For a simple <h1> tag....

  1. htmlspecialchars($_POST['details']); would display.... <h1>
  2. htmlspecialchars($details); would display the ascii codes..... <h1>

Which is the correct way to escape output? I don't fully understand the answer given. They both display different results.