Filtering and processing of special characters for form submission by PHP

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Function name, definition and description:

htmlspecialchars: converts the ampersand, single and double quotation marks, and the greater-than and less-than signs into HTML format:
& becomes &amp;
" becomes &quot;
' becomes &#039;
< becomes &lt;
> becomes &gt;

htmlentities(): converts all characters to HTML format. In addition to the htmlspecialchars characters above, this includes double-byte characters, which are displayed as encoded entities, and so on.

addslashes: escapes single and double quotes, backslashes and NULL by adding a backslash. The characters changed are the single quote ('), the double quote ("), the backslash (\) and the NULL character.

stripslashes: removes backslashes from a string. If there are two consecutive backslashes, one is removed and one is kept. If there is only one backslash, it is removed outright.

quotemeta: adds quoting to a string. Characters such as . \ + * ? [ ^ ] ( $ ) are each preceded by a backslash (\).

nl2br(): converts newline characters to <br />.

strip_tags: removes any HTML and PHP tags from the string, including the content between the tag delimiters. Note that if the HTML or PHP tags in the string contain errors, an error will also be returned.

mysql_real_escape_string: escapes special characters in SQL strings: \x00, \n, \r, spaces, \, ', " and \x1a. It is effective for multi-byte character handling. mysql_real_escape_string determines the character set, but mysql_escape_string does not consider it.

Transferred from http://blog.csdn.net/jianglei421/article/details/5460810

I usually use it like this:

Kindedit Editor:

Content received via POST can be stored in the database after addslashes, and can be echoed directly after it is read back out.

Ordinary text:

1. htmlspecialchars and then addslashes before storing in the database; read it out and then echo it directly.

2. addslashes before storing in the database; output it through htmlspecialchars after it is read out.

Description:

addslashes is just to get the original characters into the database correctly.

htmlspecialchars converts HTML tags.
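The second pattern above (keep the original characters in the database, convert HTML only on output), as an added example that is not from the original article. It swaps addslashes for a PDO prepared statement, and assumes the pdo_sqlite extension is enabled; the sample input, the table and the function names are constructed for illustration.

```php
<?php
// Constructed sample of a submitted form field (not from the original article).
$submitted = "O'Reilly <b>says</b> \"hi\" & leaves a \\ backslash";

// In-memory SQLite via PDO so the example runs offline (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

/** Store the raw text; the bound parameter never becomes part of the SQL syntax. */
function saveComment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

/** Read the stored text back without any unescaping step. */
function loadComment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

/** Escape for an HTML context, at output time only. */
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Pattern 2: the database holds the original characters.
$id = saveComment($db, $submitted);
$stored = loadComment($db, $id);
var_dump($stored === $submitted); // compares stored text with the submitted text
echo html($stored), PHP_EOL;      // converted once, for the page

// Pattern 1 for comparison: converting before storage changes the stored
// data, so any later htmlspecialchars() call encodes it a second time.
$id2 = saveComment($db, html($submitted));
echo html(loadComment($db, $id2)), PHP_EOL;
```

Comparing the two echoed lines shows why pattern 1 only works if the stored value is never escaped again and is never needed outside an HTML page.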

Additional:

The magic_quotes_gpc setting in PHP inspects the data submitted by the user, such as POST, GET and cookie data, and adds the escape character "\" so that special characters in that data do not contaminate database statements and cause fatal errors.

With magic_quotes_gpc=On, characters such as single quotation marks ('), double quotation marks ("), backslashes (\) and NUL (the NULL character) in the submitted data are all prefixed with a backslash. These escapes are required, and if this option is off, we must call the function addslashes to add escapes to the string.

Precisely because of this contradiction (the option must be On, yet the user is allowed to configure it), the option is removed from PHP6, and all programming needs to be done under magic_quotes_gpc=Off. In such an environment, if the user's data is not escaped, the result will be more than just a program error: it also exposes the database to the risk of injection. So from now on, nobody should rely on this setting being On, lest one day your server needs to be updated to PHP6 and your program no longer works properly.
