var_dump or print_r and html encoding var_dump or print_r and html encoding php php

var_dump or print_r and html encoding


php xss html-entities var-dump

While this question has an accepted answer, I think David Morrow's answer is the best/ simplest/ most practical (uses the print_r true flag):

echo "<pre>".htmlentities(print_r($some_array, true))."</pre>";

Never-the-less, here is another solution that uses output buffering:

<?phpob_start();print_r($some_array);$buffer = ob_get_clean();echo "<pre>".htmlentities($buffer)."</pre>";?>

php xss html-entities var-dump

I found that knittl's code does not work. I had to make some small changes to get it to work as follows:

array_walk_recursive($inputarray, function(&$v) { $v = htmlspecialchars($v); });

Now this works fine in PHP5.3+

php xss html-entities var-dump

Or you could just save the print_r to a string and then escape it using the second parameter set to true.

$arr = array('<script>alert("hey");</script>');$str = print_r($arr, true);echo htmlentities($str);

outputs:

Array(   [0] => <script>alert("hey");</script>)

script is not executed

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last