When doing this job in PHP, one may meet this kind of issue:
\">...
The problem is that if
You always want to HTML-encode things inside HTML attributes, which you can do with htmlspecialchars:
You probably want to set the second parameter ($quote_style) to ENT_QUOTES.
The only potential risk is that $variable may already be encoded, so you may want to set the last parameter ($double_encode) to false.
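An added example, not part of the original answer, showing the effect of the quote flag and of $double_encode when a value is written into an HTML attribute. The helper name attr() and the sample strings are assumptions constructed for illustration.

```php
<?php
// Constructed sample values (not from the original post).
$variable = 'He said "hi" & it\'s <b>bold</b>';
$already  = 'Tom &amp; Jerry'; // a value that was HTML-encoded once before

// Hypothetical helper: encode a value for use inside a quoted HTML attribute.
// The second parameter is called $quote_style in older documentation and
// $flags in current PHP; ENT_QUOTES encodes both " and '.
function attr(string $value, bool $doubleEncode = true): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// ENT_COMPAT encodes double quotes only, so the apostrophe survives and
// would close a single-quoted attribute early.
$compat = htmlspecialchars($variable, ENT_COMPAT, 'UTF-8');
$quotes = attr($variable);

echo "ENT_COMPAT: $compat\n";
echo "ENT_QUOTES: $quotes\n";

// With ENT_QUOTES the same encoded value is safe in either quoting style.
echo '<input type="text" value="' . attr($variable) . '">' . "\n";
echo "<input type='text' value='" . attr($variable) . "'>\n";

// $double_encode = true (the default) re-encodes the & of an existing
// entity; false leaves existing entities untouched.
echo 'double_encode=true:  ' . attr($already, true) . "\n";
echo 'double_encode=false: ' . attr($already, false) . "\n";

// Trade-off of false: text that is meant to show the literal characters
// "&amp;" is also left alone, so the browser renders it as "&".
// Encoding exactly once, at output time, avoids needing the switch.
```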