How to replace specified characters with a space in a text file with PHP

The text file's name is 32viestit21.txt

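<?php
  if(isset($_POST['send']))
  {
    // Only write when a user is logged in; the braces keep fopen() and fwrite() under the same check
    if (isset($_SESSION['username']))
    {
      // Open the chat log in append mode
      $fp = fopen('32viestit21.txt', 'a',1);
      $message=$_POST['message'];

      // code here

      fwrite($fp, "$_SESSION[username]: $message".PHP_EOL);
      fclose($fp);
    }
    // Replace the history entry so a refresh does not resubmit the form, then reload
    echo "<script>if ( window.history.replaceState ) {
  window.history.replaceState( null, null, window.location.href );
}
document.location.reload()</script>";
  }
?>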

The reason I ask is that my website has a chat, the chat has an XSS problem, and I have to fix it. The chat works like this: users' input goes to a txt file, and then PHP shows the txt file's data.

Answer

Use htmlspecialchars() to encode the message.

$message=htmlspecialchars($_POST['message']);


Source: stackoverflow
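
The following is an added example, not part of the original question or answer. It shows the same line-based chat log with HTML encoding applied when the file is displayed, so lines stored before the fix are covered too, and with CR/LF replaced by a space on write so one message cannot forge a second "user: text" line. The helper names `h()`, `append_message()`, `render_chat()` and the temporary file are assumptions made for the example.

```php
<?php
// Added example: helper names and the temp-file path are hypothetical.

// Encode for an HTML text context. Flags and charset are passed explicitly
// so the result does not depend on the PHP version's defaults.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Store one chat line. CR/LF are replaced with a space so a single message
// cannot add an extra "user: text" line to the line-based log.
function append_message(string $file, string $user, string $message): void {
    $user = str_replace(["\r", "\n"], ' ', $user);
    $message = str_replace(["\r", "\n"], ' ', $message);
    file_put_contents($file, "$user: $message" . PHP_EOL, FILE_APPEND | LOCK_EX);
}

// Render the log. Encoding here covers every stored line, including lines
// that were written before any input-side fix was deployed.
function render_chat(string $file): string {
    $html = '';
    foreach (file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        $html .= '<p>' . h($line) . '</p>' . PHP_EOL;
    }
    return $html;
}

// Constructed sample input; run from the CLI with: php example.php
$file = tempnam(sys_get_temp_dir(), 'chat');
append_message($file, 'alice', 'hello <b>world</b>');
append_message($file, 'bob', "<script>alert(1)</script>\nadmin: forged line");
echo render_chat($file);
unlink($file);
```

Apply the encoding at one point only: if messages are already encoded on write, as in the answer above, encoding them again on display shows `&lt;` literally in the chat.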