If you use the GET method, you can make it safer by passing your GET variable through one of the following functions:
- rawurlencode: Use if you have spaces in the main (path) part of the URL. Replaces non-alphanumeric characters with %ASCII-code.
- urlencode: Use in the query part of a URL, or to pass GET variables. Replaces spaces with +.
- htmlspecialchars: Use to prevent user-supplied text from containing HTML markup. Does minimal conversion of the HTML characters " < > & ' to their &...; equivalents.
- htmlentities: Use to prevent user-supplied text from adding any malicious code. Converts every character that has an &...; entity equivalent.
- strip_tags: Use to prevent user-supplied text from containing disallowed HTML markup.
- nl2br: Use to preserve line breaks in user-supplied text.
Example: Passing a GET variable through urlencode

  '<a href="http://www.google.com/?q=' . urlencode("the database student") . '">';

yields

  <a href="http://www.google.com/?q=the+database+student">

Example: Writing trusted user text to a content page with limited HTML markup and line breaks preserved

  <?php echo strip_tags(nl2br($sel_page['content']), "<b><br><li><ol><ul><a><i><strong><em>"); ?>
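The following is an added example, not code from the original notes: it runs each of the functions listed above over a constructed piece of untrusted input so the differences between them can be seen side by side. It assumes PHP 7 or later; the helper names (pathSegment, searchLink, escapeText, limitedMarkup) are hypothetical.

```php
<?php
// Added example (not from the original notes). Assumes PHP 7+.

// 1. Path segment: rawurlencode turns a space into %20 (and "+" into %2B),
//    which is what a path component needs.
function pathSegment(string $s): string {
    return rawurlencode($s);            // "the database student" -> "the%20database%20student"
}

// 2. Query string: urlencode turns spaces into "+" (form-encoding rules).
//    The finished URL then goes into an HTML attribute, so it is HTML-escaped too.
function searchLink(string $query): string {
    $url = 'http://www.google.com/?q=' . urlencode($query);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">search</a>';
}

// 3. Plain text into HTML: htmlspecialchars escapes only & < > " and ' (with
//    ENT_QUOTES); htmlentities would additionally convert accented characters.
function escapeText(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// 4. Limited markup: nl2br first (it inserts <br />), then strip_tags with an
//    allow-list. Note two limits of strip_tags: it removes disallowed tags but
//    keeps the text between them, and it keeps every attribute on an allowed
//    tag, so this is only suitable for text that is already trusted.
function limitedMarkup(string $s): string {
    return strip_tags(nl2br($s), '<b><br><li><ol><ul><a><i><strong><em>');
}

// Constructed sample input: a disallowed tag, a newline, and an allowed tag.
$userText = "<script>alert(1)</script>\nBold: <b>yes</b>";

echo pathSegment("the database student"), "\n";
// the%20database%20student
echo searchLink("the database student"), "\n";
// <a href="http://www.google.com/?q=the+database+student">search</a>
echo escapeText($userText), "\n";
// &lt;script&gt;alert(1)&lt;/script&gt;
// Bold: &lt;b&gt;yes&lt;/b&gt;
echo limitedMarkup($userText), "\n";
// alert(1)<br />
// Bold: <b>yes</b>
```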