PHP and HTML: escaping single and double quotes, and converting characters to HTML entities

Source: Internet
Author: User

I. Escaping single and double quotes in PHP comes up most often when storing data: before data is written to a database, the single and double quotation marks in it need to be escaped.

First, a few PHP functions:

1. addslashes(): quotes (escapes) a string with backslashes.

Returns a string with backslashes added before the characters that need to be escaped in database queries. These characters are the single quote ('), double quote ("), backslash (\), and NUL (the NULL character).

An example use of addslashes() is when you are entering data into a database. For example, to insert the name O'Reilly into a database, the quote needs to be escaped. Most databases use \ as the escape character, giving O\'Reilly. This puts the data into the database without an extra \ being stored. When the PHP directive magic_quotes_sybase is set to on, ' is escaped with another ' instead. By default, the PHP directive magic_quotes_gpc is on, and it essentially runs addslashes() automatically on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped by magic_quotes_gpc, because that results in double escaping. You can use the function get_magic_quotes_gpc() to check for this.

2. stripslashes(): removes the backslash quoting (escaping) from a string.

It does the opposite of addslashes().

3. get_magic_quotes_gpc(): detects whether magic quotes are turned on; returns 1 if they are on and 0 if they are off.

    // Escape only when magic quotes have not already escaped the input
    if (!get_magic_quotes_gpc()) {
        $lastname = addslashes($_POST['LastName']);
    } else {
        $lastname = $_POST['LastName'];
    }

    echo $lastname;
    $sql = "INSERT INTO Lastnames (lastname) VALUES ('$lastname')";

II. Escaping to HTML entities:

Message boards and similar features let users enter information. These places need care: if the input is not converted to entities, HTML code and scripts can easily be entered, saved, and then executed by other users.

So when a user types something like <a href="xxx">hello</a> into a text input, we try to block it; otherwise users can disrupt things such as the CSS styling, and the page ends up a mess. Here are a few PHP functions for converting to entities that are worth knowing:

1. htmlspecialchars() converts special characters to HTML entities:

    • '&' (ampersand) becomes '&amp;'
    • '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
    • ''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
    • '<' (less than) becomes '&lt;'
    • '>' (greater than) becomes '&gt;'

2. htmlspecialchars_decode() converts the entities back into HTML code; it is the inverse of function 1.

3. htmlentities() converts to HTML entities in full. The difference from htmlspecialchars() is that this function escapes all characters that have HTML entity equivalents, whereas htmlspecialchars() escapes only the 5 special characters listed above!
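The following is an added example, not code from the original article: it takes the article's two sample inputs through a message-board flow, storing them with a PDO prepared statement (used here in place of addslashes()) and converting to entities only when rendering. It assumes the pdo_sqlite extension is installed; the messages table, its columns and the helper e() are hypothetical names.

```php
<?php
// Constructed sample input, as a message-board form might submit it.
$post = [
    'LastName' => "O'Reilly",
    'message'  => '<a href="xxx">hello</a>',
];

// Storage: a prepared statement sends the values separately from the SQL
// text, so no addslashes() call is needed and the stored value stays raw.
// Assumption: pdo_sqlite is available; table/column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (lastname TEXT, message TEXT)');
$stmt = $db->prepare(
    'INSERT INTO messages (lastname, message) VALUES (:lastname, :message)'
);
$stmt->execute([':lastname' => $post['LastName'], ':message' => $post['message']]);
$row = $db->query('SELECT lastname, message FROM messages')->fetch(PDO::FETCH_ASSOC);

// Output: escape at render time. The flags are passed explicitly because
// the default flag set changed in PHP 8.1 (it includes ENT_QUOTES there).
function e(string $s, int $flags = ENT_QUOTES): string
{
    return htmlspecialchars($s, $flags, 'UTF-8');
}

// Element content: markup typed by the user is displayed as text.
echo '<p>', e($row['message']), "</p>\n";

// Attribute value in single quotes: only ENT_QUOTES converts the ' in
// O'Reilly, so only that line keeps the whole name inside the attribute.
$flagSets = ['ENT_NOQUOTES' => ENT_NOQUOTES, 'ENT_COMPAT' => ENT_COMPAT,
             'ENT_QUOTES' => ENT_QUOTES];
foreach ($flagSets as $name => $flags) {
    printf("%-12s <input value='%s'>\n", $name, e($row['lastname'], $flags));
}

// htmlspecialchars_decode() reverses e() when given the same flags.
var_dump(htmlspecialchars_decode(e($row['message']), ENT_QUOTES) === $post['message']);

// htmlentities() also converts characters beyond the five listed above.
echo htmlspecialchars('café <b>', ENT_QUOTES, 'UTF-8'), "\n";
echo htmlentities('café <b>', ENT_QUOTES, 'UTF-8'), "\n";
```

magic_quotes_gpc was removed in PHP 5.4.0 and get_magic_quotes_gpc() in PHP 8.0.0, so on current PHP versions request data arrives unescaped, as this example assumes.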

Source: http://www.cnblogs.com/terryglp/articles/1900503.html
