Home > Developer > PHP

What are the character security filtering functions in php?

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
What are the character security filtering functions in php?
A list of character security filtering functions in php. common functions used by php to prevent SQL injection attacks and xss attacks, including mysql_real_escape_string (), addslashes (), htmlentities (), htmlspecialchars (), strip_tags () and other functions.

Php functions help prevent SQL injection attacks and xss attacks.

1. mysql_real_escape_string ()This function has helped prevent SQL injection attacks in PHP. It adds a backslash to special characters, such as single quotes and double quotation marks ", make sure that your input is safe before you use it for query. However, you must note that you use this function when connecting to the database. But now the mysql_real_escape_string () function is basically no longer used. all new application development should use libraries such as PDO to operate the database. that is to say, we can use existing statements to prevent SQL injection attacks.

2. addslashes ()This function is similar to mysql_real_escape_string (). It also adds a backslash to a special character. do not use this function when the magic_quotes_gpc value in ini is "on. When magic_quotes_gpc = on, addslashes () is automatically run for all GET, POST, and COOKIE data (). Do not use addslashes () for strings that have been escaped by magic_quotes_gpc, because this causes double-layer escape.

You can use the get_magic_quotes_gpc () function in php to check the value of this variable.

3. htmlentities ()This function is very useful for filtering user input data. it can convert characters into HTML entities. For example, when a user inputs the character "<", the function is converted to the HTML entity "<" ("<" is displayed when you view the source code "), therefore, XSS and SQL injection attacks are prevented, and unrecognized character sets are ignored and replaced by ISO-8859-1.

4. htmlspecialchars ()This function is similar to the preceding one. some characters in HTML have special meanings. if such meanings are to be embodied, they must be converted to HTML entities. This function returns the converted string.

5. strip_tags ()This function can remove all HTML, JavaScript, and PHP tags in the string. of course, you can also set the second parameter of this function to ignore and filter some specific tags.

6. intval ()Intval is not actually a filter function. it is used to convert a variable to an integer. When you need an integer parameter, you can use this function to make your php code safer, especially when parsing integer data such as id and age.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
access denied security filtering what functions php php built in functions character functions in php escape character escape character in php space character in php

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More