Shulou(Shulou.com)06/01 Report--

This article mainly introduces "php escape special character function what", in daily operation, I believe many people in php escape special character function what problems there are doubts, Xiaobian consulted all kinds of information, sorted out simple and easy to use operation methods, hope to answer "php escape special character function what" doubts help! Next, please follow the small series to learn together!

php escape special character functions are: 1, addslashes(), use backslashes to reference strings, escape characters;2, mysql_real_escape_string(), escape special characters in strings used in SQL statements;3, htmlspecialchars().

Operating environment of this tutorial: Windows 7 system, PHP7.1 version, DELL G3 computer

escape special character function in php

1、addslashes

addslashes escape special characters in SQL statements, including ('), ("), (), (NUL) four characters, this function is used when the DBMS does not have its own escape function, but if the DBMS has its own escape function, it is recommended to use the original function, such as MySQL has mysql_real_escape_string function to escape SQL.

Note that before PHP 5.3, magic_quotes_gpc was turned on by default, mainly to perform addslashes on $GET, $POST, $COOKIE, so there is no need to call addslashes repeatedly on these variables, otherwise it will double escape.

However, magic_quotes_gpc has been deprecated since PHP 5.3 and has been removed since PHP 5.4. If you use the latest version of PHP, you don't have to worry about this problem. stripslashes is the unescape function for addslashes.

2、mysql_real_escape_string

mysql_real_escape_string() function escapes special characters in strings used in SQL statements.

The following characters are affected:

\x00

\n

\r

\

'

"

\x1a

If successful, the function returns an escaped string. If it fails, it returns false.

Note that you do not need to call stripslashes to unescape when reading database data, because these backslashes are added when the database executes SQL, and the backslashes are removed when writing data to the database, so the content written to the database is the original data, and there is no more backslashes in front.

3、htmlspecialchars

htmlspecialchars escape several special characters in HTML to HTML Entity(format: ), including (&),('),("),() five characters.

& (AND) => &

" (double quotes) => " (when ENT_NOQUOTES is not set)

' (single quotes) =>(when ENT_QUOTES is set)

(greater than sign) => >

htmlspecialchars can be used to filter $GET,$POST,$COOKIE data and prevent XSS. Note that the htmlspecialchars function only escapes HTML characters that are considered unsafe. If you want to escape all HTML characters that can be escaped, use htmlentities. htmlspecialchars_decode is the decode function for htmlspecialchars.

At this point, on the "php escape special character function which" the study is over, I hope to solve everyone's doubts. Theory and practice can better match to help you learn, go and try it! If you want to continue learning more relevant knowledge, please continue to pay attention to the website, Xiaobian will continue to strive to bring more practical articles for everyone!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.