Open Rillke opened 5 years ago
I think there is no general solution for this. Is ">" a literal string stored in a text field in the database? In some cases this could be part of an HTML element, in other cases it could be a literal "greater than". It is crucial to check how data is represented (or how it is intended) in the text field.
If the text field is meant to carry HTML, literal "greater thans" (and "less thans") would have to be stored as entities in the database itself. Maybe this will require htmlspecialchars().
If the text field is meant to carry text only, it needs to be HTML escaped for the output. In that case, htmlentities() would be the PHP function to look for.
Does the CMS provide a function to HTML-escape a string?
E.g.
>
-->>
How would you display results from database queries?
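An added PHP illustration of the two conventions described above (example code, not from the thread or from any particular CMS; the function names are hypothetical, htmlspecialchars() is PHP's own):

```php
<?php
// Added example: the same text field handled under the two conventions
// Rillke distinguishes. Helper names are hypothetical; htmlspecialchars()
// is the PHP built-in.

// Convention 1: the field is meant to carry HTML. Literal text the author
// types must be entity-encoded ONCE, at write time, and the stored value is
// then emitted verbatim because it is already markup.
function encodeForHtmlField(string $literalText): string {
    return htmlspecialchars($literalText, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
function renderHtmlField(string $stored): string {
    return $stored;   // trusted markup, no escaping at output
}

// Convention 2: the field is meant to carry plain text. Store it raw and
// escape it at EVERY output point; ENT_QUOTES also covers attribute contexts.
function renderTextField(string $stored): string {
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample row, as a query result might be fetched into an array.
$row = [
    'title' => 'a > b',                                   // plain-text field
    'body'  => '<p>' . encodeForHtmlField('1 > 0') . '</p>', // HTML field
];

// Displaying the results: each field goes through the renderer that matches
// how it was stored.
echo '<h1>' . renderTextField($row['title']) . "</h1>\n"; // <h1>a &gt; b</h1>
echo renderHtmlField($row['body']) . "\n";                 // <p>1 &gt; 0</p>

// Pitfall: running the HTML field through the plain-text renderer
// double-encodes it, so the page shows the literal characters "&gt;" and
// the <p> tags as text instead of rendering them.
echo renderTextField($row['body']) . "\n"; // &lt;p&gt;1 &amp;gt; 0&lt;/p&gt;
```

Mixing the two (escaping an HTML field at output, or storing plain text pre-encoded and escaping it again) is what produces visible entities like `&gt;` on the page.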