Hi Guys,


I have a question; if you have any knowledge about this, please let me know.


I am getting data from a form with the POST method, like the following:


$x = htmlentities($_POST['y']);



After getting all the form data I save it into the DB, I used


I have a page which shows the information that I have saved into the DB. But if I
don't use html_entity_decode, there will be encoding and charset problems. I
can't set the htmlentities charset parameter because this function does not
have Turkish charset support.


The question is: after saving data into the DB using htmlentities, if I use
the html_entity_decode function on the information page, is there still an
XSS risk or not? Does the html_entity_decode function bring back all the risk again?


Please help.
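
An added example, not part of the original post: it runs the encode-then-decode pattern described above on a constructed input and compares it with escaping once at output time. The function names and the sample string are hypothetical, and it assumes the form, the database connection and the page all use UTF-8.

```php
<?php
// Added example; function names and the sample input are constructed.
// Assumption: form, database connection and page are all UTF-8.

// Pattern from the post: entity-encode before storing, decode when displaying.
function store_as_in_post(string $raw): string {
    return htmlentities($raw, ENT_QUOTES, 'UTF-8');
}

function show_as_in_post(string $stored): string {
    return html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
}

// Alternative: keep the raw text in the DB and escape once, at output.
// htmlspecialchars only rewrites & < > " ' so Turkish letters pass through.
function show_escaped(string $raw): string {
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input: Turkish text followed by markup.
$input = 'Şükrü Çağlar <script>alert(1)</script>';

// Decoding undoes the encoding, so the page receives the original markup.
$roundTrip = show_as_in_post(store_as_in_post($input));
echo "decode(encode(x)) === x: ";
var_dump($roundTrip === $input);
echo "script tag present after decode: ";
var_dump(strpos($roundTrip, '<script>') !== false);

// Escaping at output neutralises the markup and keeps the Turkish text intact.
$safe = show_escaped($input);
echo "escaped output: ", $safe, "\n";
echo "script tag present after escaping: ";
var_dump(strpos($safe, '<script>') !== false);
echo "Turkish letters unchanged: ";
var_dump(strpos($safe, 'Şükrü Çağlar') === 0);
```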



