Greetings, John. In reply to Your message dated Monday, November 29, 2021, 4:19:10, > But, I don't completely understand why this was necessary. To me, it > looks like a simple PHP echo command so why would I need to escape it > at this point. Because your output is supposed to be rendered as HTML. So, you must use HTML-appropriate escaping. Thus, htmlspecialchars/htmlentities. I would actually suggest the former, unless you have very specific requirements. > There was a problem earlier in this project with data > passed by JSON and I had to use htmlspecialchars() to relay the JSON > data to the next script but that was the reverse of what I am doing > here. That shouldn't have happened, though, except if your JSON data contained literal "</script>" string. > I had seen htmlentities() (and htmlspecialchars() which is > noted as equivalent in the documentation) in my research but it didn't > seem appropriate because I was considering this as an echo function. No? > What am I failing to see? echo/print/fprint is a raw tool to output data literal. It may not be appropriate even to print to the console, not to say - output to some intricate format. -- Sincerely Yours, Andrey Repin <anrdaemon@xxxxxxxxx>
