htmlspecialchars equivalent for MySQL

I am querying a database for userInput text which was obtained from a form, and will display that text in an HTML page. To prevent XSS, I need to iterate over the results and apply htmlspecialchars(). Sure, I can change fetchAll() to fetch() and apply htmlspecialchars() there, but it sure would be nice to use a native MySQL function and include it in my query. I searched but couldn’t find one. Does one exist? Am I able to create my own? Thanks

$sql = 'SELECT userInput FROM table WHERE fk_id=123';
$stmt = db::db()->query($sql);
return $stmt->fetchAll(PDO::FETCH_ASSOC);
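
The fetchAll() path from the question, as an added example that is not part of the original post: the result set is fetched as-is and each string column is HTML-encoded only at output time, so the stored data stays raw for any non-HTML consumer. The function name escapeRowsForHtml and the sample rows are constructed for illustration, and PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);

/**
 * HTML-escape every string column of a fetchAll(PDO::FETCH_ASSOC) result.
 * Hypothetical helper: the database keeps the raw text and encoding is
 * applied only when the rows are about to be written into HTML.
 */
function escapeRowsForHtml(array $rows): array
{
    // ENT_QUOTES also encodes single quotes (needed inside attributes);
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    return array_map(
        static fn(array $row): array => array_map(
            static fn($value) => is_string($value)
                ? htmlspecialchars($value, $flags, 'UTF-8')
                : $value, // NULLs and numbers pass through unchanged
            $row
        ),
        $rows
    );
}

// Constructed sample standing in for $stmt->fetchAll(PDO::FETCH_ASSOC).
$rows = [
    ['userInput' => '<script>alert(1)</script>'],
    ['userInput' => 'Tom & "Jerry" said it\'s fine'],
    ['userInput' => null],
];

// Render: markup characters in the stored text arrive as entities.
foreach (escapeRowsForHtml($rows) as $row) {
    echo '<li>', $row['userInput'] ?? '', "</li>\n";
}
```

Escaping here covers HTML element and quoted-attribute contexts only; values placed into JavaScript, URLs or CSS need the encoder for that context instead.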
