Over a million developers have joined DZone.

Smarty and escaping user input (for lazy guys)

DZone's Guide to

Smarty and escaping user input (for lazy guys)

· Web Dev Zone ·
Free Resource

Learn how error monitoring with Sentry closes the gap between the product team and your customers. With Sentry, you can focus on what you do best: building and scaling software that makes your users’ lives better.

Smarty gives us a simple way to escape “dirty” variables when they come to template processing. With escape variable modifier you can make “dirty” things look smart. You can escape or even remove html tags and special characters.

Variable in a Smarty template without escaping {$articleTitle}
and with escaping {$articleTitle|escape:'html'}

But if you are lazy like me you might wonder what the need to write “escape:’html’” again and again for all variables. Good new is that we can make Smarty do it by default by setting $default_modifiers field for Smarty object. For lazy guys here is sample

$smarty->default_modifiers = array('escape:"html"');

We can turn off this “defaul” behaviour for selected variables with

Be Smarty and good luck! :)

What’s the best way to boost the efficiency of your product team and ship with confidence? Check out this ebook to learn how Sentry's real-time error monitoring helps developers stay in their workflow to fix bugs before the user even knows there’s a problem.


Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}