One, single and double-quote escape in PHP data stored in the process used more, that is, to store data in the database need to pay attention to escape single, double quotation marks;
Say a few PHP functions first:
1. addslashes- uses a backslash reference (escape) string;
Returns a string that is preceded by a backslash in order for the database query statement to be preceded by some characters. These characters are single quotes ('), double quotation marks ("), backslashes (\), and NUL (theNULL character).
An example of using addslashes () is when you want to enter data into the database. For example, the name O ' Reilly is inserted into the database, which needs to be escaped. Most databases use \ as escape character:o\ ' Reilly. This allows the data to be placed in the database without inserting additional \. When PHP instruction Magic_quotes_sybase is set to on, it means that the Insert ' will be used ' to escape. By default, PHP instruction MAGIC_QUOTES_GPC is on , and it is primarily for all GET, POST, and COOKIE data automatically run addslashes (). Do not use addslashes ()for strings that have been MAGIC_QUOTES_GPC escaped, because this results in double-layer escaping. You can use the function GET_MAGIC_QUOTES_GPC () to detect this situation.
2.stripslashes-Remove the backslash reference (escape) of the string
The opposite work is done with addslashes ();
3,GET_MAGIC_QUOTES_GPC---Detect whether the Magic reference variable is turned on, if turn on return 1, for the turn back 0;
if (! GET_MAGIC_QUOTES_GPC ()) { $lastnameaddslashes($_post[' LastName 'else { $lastname $_post [' LastName ' ];} Echo $lastname ; $sql = "INSERT into Lastnames (lastname) VALUES ('$lastname')";
Ii. on escaping entity issues:
We often encounter the message board and so on can let the user input information, these places are to be aware of, because do not do the entity, HTML code, script scripts can be easily entered to save, and be executed by other users;
So similar users in the input text input <a href= "xxx" >hello</a> the like, we try to block out, otherwise users will mess up, such as CSS style, so that our page will be a mess. Needless to say, here are a few of the functions of a PHP-to-entity need to know more about:
1. Htmlspecialchars () escapes special characters as HTML entities;
- ' & ' (ampersand) becomes ' & '
- ' ' ' (double quote) becomes ' " ' when ent_noquotes was not set.
- ' (single quote) becomes ' & #039, ' only if ent_quotes is set.
- ' < ' (less than) becomes ' < '
- ' > ' (greater than) becomes ' > '
2. Htmlspecialchars_decode () turns the entity into HTML code, and the inverse function of function 1
3, Htmlentities () This is the full conversion of the HTML entity, and Htmlspecialchars () the difference is that the function is to escape all the characters, and Htmlspecialchars () only escape the 5 special characters of the above limit!
Source: http://www.cnblogs.com/terryglp/articles/1900503.html
About PHP, HTML single quotes, double quotes escaping, and the things that turn into HTML entities!