Php special character escape

Source: Internet
Author: User
Php special character escape

  1. $ Html = array ();
  2. $ Html ['username'] = htmlentities ($ clean ['username'], ent_quotes, 'utf-8 ');
  3. Echo"

    Welcome back, {$ html ['username']}.

    ";
  4. ?>

Note: The htmlspecialchars () function and htmlentities () function are basically the same. Their parameter definitions are identical, but the escaping of htmlentities () is more thorough. Output username to the client through $ html ['username'], and you can ensure that the special characters are not incorrectly interpreted by the browser. If username only contains letters and numbers, it is not necessary to escape them, but this reflects the principle of deep defense. Escaping any output is a good habit. it can dramatically improve the security of your software.

Another common output target is the database. If possible, use the php built-in function to escape data in SQL statements.

For mysql database users, the best escape function is mysql_real_escape_string (). If the used database does not have the php built-in escape function available, addslashes () is the final choice.

Example:

  1. $ Mysql = array ();
  2. $ Mysql ['username'] = mysql_real_escape_string ($ clean ['username']);
  3. $ SQL = "select *
  4. From profile
  5. Where username = '{$ mysql ['username']}' ";
  6. $ Result = mysql_query ($ SQL );
  7. ?>

Php filter parameter special character injection php filter illegal and special character string method php instance: example of special character processing function to replace php code with special characters in ultra-long text

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.