esc()
Escape context specific output
esc(string $string, string $context = 'html'): stringParameters
| Name | Type | Default | Description |
|---|---|---|---|
| $string * | string |
– | Untrusted data |
| $context | string |
'html' |
Location of output (html, attr, js, css, url or xml) |
Return type
string
Examples
<p><?= esc('untrusted data') ?></p><img alt="<?= esc($alt, 'attr') ?>" src="/your-image.jpg" /><section style="--columns: <?= esc($columns, 'css')">
...
</section><script>
let yourVariable = "<?= esc($variable, 'js') ?>";
// ...
</script><iframe src="https://map.example.com/?lat=<?= esc($lat, 'url') ?>&lon=<?= esc($lon, 'url') ?>"></iframe>