Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

PHP Build a Basic PHP Website (2018) Enhancing a Form Escaping Output

Mayur Pande
PLUS
Mayur Pande
Courses Plus Student 11,711 Points

Surely then we would need to escape the outputs on all fields?

As this is the case with malicious code. Surely we would need to escape the output on all the other form fields i.e. name, email, title, year etc. Am I correct in thinking this?

Pauline Orr
Pauline Orr
15,321 Points

I am wondering this too

Can someone answer this question ? Thank you!!

1 Answer

Aurelien Roux
Aurelien Roux
25,567 Points

I'm not 100% sure but it seems to be a good practice to do both (filtering inputs and escaping outputs).

I found this article that gets in the details and show examples https://www.inanimatt.com/php-output-escaping.html