Summary of the use of character security filtering functions in PHP, and php character Function Summary _ PHP Tutorial

Summary of use of character security filtering functions in PHP and summary of php character functions. Summary of use of character security filtering functions in PHP, and summary of php character functions in WEB development, we often need to obtain user input data from all over the world. However, we will summarize the usage of character security filtering functions in PHP forever, and summary of php character functions.

In the WEB development process, we often need to obtain user input data from all over the world. However, we "never trust the data input by those users ". Therefore, various Web development languages provide functions to ensure the security of user input data. In PHP, some very useful and convenient functions can help you prevent problems such as SQL injection and XSS attacks.

1. mysql_real_escape_string ()

This function has helped prevent SQL injection attacks in PHP. It adds a backslash to special characters, such as single quotes and double quotation marks ", make sure that your input is safe before you use it for query. However, you must note that you use this function when connecting to the database.
But now the mysql_real_escape_string () function is basically no longer used. all new application development should use libraries such as PDO to operate the database. that is to say, we can use existing statements to prevent SQL injection attacks.

2. addslashes ()

This function is similar to mysql_real_escape_string (). It also adds a backslash to a special character. do not use this function when the magic_quotes_gpc value in ini is "on. When magic_quotes_gpc = on, addslashes () is automatically run for all GET, POST, and COOKIE data (). Do not use addslashes () for strings that have been escaped by magic_quotes_gpc, because this causes double-layer escape. You can use the get_magic_quotes_gpc () function in PHP to check the value of this variable.

3. htmlentities ()

This function is very useful for filtering user input data. it can convert characters into HTML entities. For example, when a user inputs the character "<", the function is converted to the HTML entity "<" ("<" is displayed when you view the source code "), therefore, XSS and SQL injection attacks are prevented, and unrecognized character sets are ignored and replaced by ISO-8859-1.

4. htmlspecialchars ()

This function is similar to the preceding one. some characters in HTML have special meanings. if such meanings are to be embodied, they must be converted to HTML entities. This function returns the converted string.

5. strip_tags ()

This function can remove all HTML, JavaScript, and PHP tags in the string. of course, you can also set the second parameter of this function to ignore and filter some specific tags.

6. intval ()

Intval is not actually a filter function. it is used to convert a variable to an integer. It is very useful when we need an integer parameter. you can use this function to make your PHP code safer, especially when you are parsing integer data such as id and age.

These are built-in string filter functions of PHP, which are very simple and practical. I hope my friends can use them well.

In the WEB development process, we often need to obtain user input data from all over the world. However, we "always...