htmlspecialchars() and addslashes() in PHP. This article assumes you already know HTML character entities.
$html = "
";
1. htmlspecialchars($html)
Purpose: takes the string $html, converts reserved characters such as < and > in $html into character entities, and returns the converted string.
Application scenarios:
A. To display source code directly in HTML (the same effect as right-click => view source), use htmlspecialchars() to escape the source code before output;
B. Text filtering: prevents malicious injection on a form page. For example, when a user enters a script and it is escaped with htmlspecialchars(), the < and > in the script are converted to character entities, so the script is displayed as text and is not executed.
2. addslashes($html)
Purpose: takes the string $html. addslashes() escapes all single quotes and double quotes in $html with a backslash.
Application scenarios:
A. Insert a large HTML string into the database
Sample code:
<?php
$html = "<p id='MH370'>MH370<p>";
$hsc = htmlspecialchars($html); // < and > become &lt; and &gt;
$ass = addslashes($html);       // ' becomes \'
var_dump($html);
var_dump($hsc);
var_dump($ass);
?>
Returned results:
string '<p id='MH370'>MH370<p>' (length=26)
string '&lt;p id='MH370'&gt;MH370&lt;p&gt;' (length=38)
string '<p id=\'MH370\'>MH370<p>' (length=28)
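The two application scenarios above, as an added example that is not part of the original article: escaping at output time with htmlspecialchars(), and storing the raw HTML string through a bound parameter, with the addslashes() approach run against the same database for comparison. The in-memory SQLite database and the snippets table with its body column are assumptions made for the example.

```php
<?php
// Added example. The snippets table and its body column are hypothetical.
$html = "<p id='MH370'>MH370<p>"; // same markup as the sample code above

// Scenario 1: escape when the value is written into an HTML page.
// ENT_QUOTES also converts ' and ", so the result is safe inside a
// quoted attribute value as well as in element content.
$forPage = htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo $forPage, PHP_EOL;

// Scenario 2: store the raw string with a prepared statement.
// The driver transmits the value separately from the SQL text,
// so no manual quote escaping is needed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE snippets (id INTEGER PRIMARY KEY, body TEXT)');

$stmt = $db->prepare('INSERT INTO snippets (body) VALUES (:body)');
$stmt->execute([':body' => $html]);

// The stored value is byte-for-byte the original string.
$stored = $db->query('SELECT body FROM snippets')->fetchColumn();
var_dump($stored === $html);

// For comparison: building the query by hand with addslashes().
// SQLite escapes a single quote by doubling it, not with a backslash,
// so the \' produced by addslashes() ends the string literal early
// and the statement is rejected.
try {
    $db->exec("INSERT INTO snippets (body) VALUES ('" . addslashes($html) . "')");
    echo 'addslashes() insert succeeded', PHP_EOL;
} catch (PDOException $e) {
    echo 'addslashes() insert failed: ', $e->getMessage(), PHP_EOL;
}

// Escape again on the way out, at the point of output.
echo htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
```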