Hello, I'm hosted my tagboard at PHONEACCESS hosting, and its PHP does not accept htmlentities(); or htmlspecialchars(); and I need help to solve those fails for avoid injections in my script by codes as <script>, <a href>... Part of code is $mensaje = htmlspecialchars(trim($_POST['mensaje'], ENT_QUOTES)); PHP: Please help me to another way for avoid this without htmlspecialschars().
You should close trim()'s parenthesis after the $_POST variable. At the moment you're applying ENT_QUOTES to trim(), and not htmlspecialchars().
Nothing, I using thus: $mensaje = htmlspecialchars(trim($_POST['mensaje']), ENT_QUOTES); But doesn't work yet. HELP ME :S THE PROBLEM IS, THAT MY HOST DOESN'T ACCEPT HTMLENTITIES(); FUNCTION, WHAT CAN I DO IN THIS SITUATION?
I almost can't imagine it being a problem with the host. Why on earth would they disable one of the most basic and harmless functions? However, you can use str_replace() to emulate the function. But I guess it's a usage error, rather than a problem with the host...