esc()

Escape context-specific output

esc(string $string, string $context = 'html'): string

Parameters

Name Type Default Description
$string * string Untrusted data
$context string 'html' Location of output (html, attr, js, css, url or xml)

Return type

string

Examples

<p><?= esc('untrusted data') ?></p>
<img alt="<?= esc($alt, 'attr') ?>" src="/your-image.jpg" />
<section style="--columns: <?= esc($columns, 'css') ?>">
...
</section>
<script>
let yourVariable = "<?= esc($variable, 'js') ?>";

// ...
</script>
<iframe src="https://map.example.com/?lat=<?= esc($lat, 'url') ?>&lon=<?= esc($lon, 'url') ?>"></iframe>
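
Why the $context argument has to match the place where the value is written, as an added example that is not part of the Kirby documentation. The three escaper functions are stand-ins built from PHP built-ins (they are not Kirby's esc() implementation), and the input values and the fixed lon value are constructed.

```php
<?php
declare(strict_types=1);

// Stand-ins built on PHP built-ins, one per output context.
// They are NOT Kirby's esc() implementation.
function htmlContext(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function urlContext(string $s): string
{
    return rawurlencode($s);
}

function jsContext(string $s): string
{
    // json_encode returns a quoted JS string literal; drop the outer quotes
    // because the template already supplies them.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return substr(json_encode($s, $flags), 1, -1);
}

// Models the iframe src: the browser decodes entities in the attribute,
// then the map server parses the query string.
function queryKeys(string $escapedLat): array
{
    $src = 'lat=' . $escapedLat . '&lon=13.4';
    parse_str(html_entity_decode($src, ENT_QUOTES, 'UTF-8'), $params);
    return array_keys($params);
}

// Constructed untrusted inputs (sample values, not from the page)
$lat      = '52.5&zoom=1';                 // carries an extra query parameter
$variable = "first\nsecond \"quoted\" \\"; // newline, quotes, trailing backslash

// URL context: compare which parameters the server ends up seeing.
echo 'html escaper: ', implode(',', queryKeys(htmlContext($lat))), PHP_EOL;
echo 'url escaper:  ', implode(',', queryKeys(urlContext($lat))), PHP_EOL;

// JS context: a raw newline or an unpaired trailing backslash breaks the string literal.
foreach (['html' => htmlContext($variable), 'js' => jsContext($variable)] as $name => $out) {
    $rawNewline = strpos($out, "\n") !== false;
    $unpairedBackslash = (strlen($out) - strlen(rtrim($out, '\\'))) % 2 === 1;
    printf("%s escaper: raw newline=%s, unpaired backslash=%s\n",
        $name, var_export($rawNewline, true), var_export($unpairedBackslash, true));
}
```

HTML escaping is undone by the browser before the URL is requested and leaves newlines and backslashes untouched, so a value written into a URL or a script string needs the escaper for that context.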