Welcome to the Treehouse Community
Looking to learn something new?
Andrew Dickens18,352 Points
Filter input, escape output
ok so I get the 'filter input', but what does Alena mean by 'escape output'?
It prevents using output you might not to be used (echo'd for example).
<?php echo $_GET['name'];
This code might do evil things, you wan't to prevent that of course. So instead we make sure no code is being echo'd by escaping the output, like this:
<?php echo filter_input( INPUT_GET, 'name', FILTER_SANITIZE_STRING ); // strip code from string
Steven Price15,120 Points
Hi im not sure of the difference between filtering input and escaping output - if you filter input from a user e.g. PHP filter_input and display it in a forum surely you don't need to also escape using htmlentities()? isnt it the same thing?