orange08 Posted August 25, 2009 Share Posted August 25, 2009 hi, i use htmlentities() in an email sent to user for the confirmation of registration... for the user name and user email input by an user, i apply htmlentities() like $myuser = htmlentities($user); $useremail = htmlentities($uemail); then this two variables are used to display in an email sent to the user, like $msg="<table><tr><td>"; $msg.="Dear $myuser,"; $msg.="bla bla bla"; : : $msg.="<a href='http://www.mysite.com/register.php?sentemail=$useremail&key=$ukey'>activate link </a>"; : : $msg.="please copy and paste the following link to your browser.<br><br>"; $msg.="http://www.mysite.com/register.php?sentemail=$useremail&key=$ukey"; : : so, any problem i use htmlentities() in the variable display and the activate link? i tested it and found it works normally, but if really got xss attack in that two variables, what will going on to my email? will create any error? Link to comment https://forums.phpfreaks.com/topic/171793-htmlentities-used-in-email-sent/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.