This code is for a comment system. Which is more secure against injection (XSS): entities or chars?
[php]
<?php
// $name, $email, $website and $message are expected to be set from the submitted form before this point.
if (isset($_POST['submit'])) { // Added not to display "please fill out all required fields".
    $name = htmlentities($name);
    $email = htmlentities($email);
    $website = htmlentities($website);
    $message = htmlentities($message);
    $time = time();
    $pre = ''; // initialise so the concatenation below never reads an undefined variable
    @ $fp = fopen('testcomments.log', 'a');
    if (!$name || !$email || !$website || !$message) {
        echo "Please fill out all required fields";
    } else {
        if (strlen($name) > 0 && strlen($message) > 0) {
            if (filesize('testcomments.log') > 0) {
                $pre = '
';
            }
        }
        $outputstring = $pre . '
' . $name . '. ' . date('F j Y \a\t h:i a', $time) . '
' . $message . '
';
        if ($fp) { // fopen() returns false on failure
            @fwrite($fp, $outputstring, strlen($outputstring));
            fclose($fp);
        }
        echo ""; // changed from Header( )
    }
}
?>
Comments:
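
On the question above, as an added example that is not part of the original post: with the same flags and charset, `htmlspecialchars()` and `htmlentities()` escape the same markup-significant characters (`&`, `<`, `>`, `"`, `'`); `htmlentities()` additionally converts other characters that have named entities. The helper name `esc_html` is hypothetical and the sample strings are constructed.

```php
<?php
// Added example, not the poster's code.

// Hypothetical helper: escape text for an HTML body or a quoted attribute.
function esc_html(string $text): string
{
    // ENT_QUOTES escapes both " and '. ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences with U+FFFD instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample comment text.
$samples = [
    "<b>bold</b> & 'quoted'",
    'Tom & "Jerry" <tom@example.com>',
    'café © 2010',
];

$flags = ENT_QUOTES | ENT_SUBSTITUTE;
foreach ($samples as $raw) {
    $chars    = htmlspecialchars($raw, $flags, 'UTF-8');
    $entities = htmlentities($raw, $flags, 'UTF-8');

    // Both results decode back to the original text, and neither contains
    // a raw <, >, " or ' that a browser could interpret as markup.
    assert(html_entity_decode($chars, $flags, 'UTF-8') === $raw);
    assert(html_entity_decode($entities, $flags, 'UTF-8') === $raw);
    assert(strpbrk($chars, "<>\"'") === false);
    assert(strpbrk($entities, "<>\"'") === false);

    echo "raw:              $raw\n";
    echo "htmlspecialchars: $chars\n";
    echo "htmlentities:     $entities\n\n";
}

// The flags matter more than the choice of function: ENT_COMPAT (the
// default before PHP 8.1) leaves single quotes unescaped in both functions.
$name = "O'Brien";
echo "ENT_COMPAT: ", htmlspecialchars($name, ENT_COMPAT, 'UTF-8'), "\n";
echo "ENT_QUOTES: ", esc_html($name), "\n";
```

The difference that shows up in the output is only in non-markup characters such as `é` and `©`, which `htmlentities()` rewrites and `htmlspecialchars()` leaves as UTF-8.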