0

Take for example this string:

0,;.:-_()!"#$%&'()*?/

If that is what users sends as an input value, $_GET["password"]) interprets the string only to the first ". What is a proper way to handle all character password?

CODE:

if (isset($_GET["password"])){
    $email = $_GET["password"];
    echo $email."<br>";
}
sanjihan
  • 5,592
  • 11
  • 54
  • 119
  • Are you typing this manually into your browser, or submitting a form? – Blue May 19 '17 at 11:24
  • The value you retrieve from $_GET will not be affected by quotation marks. I'm assuming the issue is from you trying to echo the value and view it in HTML. You should always encode user input to protect from character issues or XSS attacks,look at htmlentities() – Devon Bessemer May 19 '17 at 11:26
  • Possible duplicate of [How to prevent XSS with HTML/PHP?](http://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php) – Devon Bessemer May 19 '17 at 11:27

0 Answers0