I. Escaping single and double quotes comes up most often in PHP when storing data: when you write data to the database, you need to pay attention to escaping single and double quotes.
Here are a few PHP functions:
1. addslashes - quote (escape) a string with backslashes;
Returns a string with a backslash added before each character that needs to be escaped, for example in database query statements. These characters are the single quote ('), double quote ("), backslash (\) and NUL (the NULL character).
An example of using addslashes() is when you are entering data into a database. For example, to insert the name O'Reilly into the database, you need to escape it. Most databases use \ as the escape character: O\'Reilly. This lets the data be placed in the database without an extra \ being inserted. When the PHP directive magic_quotes_sybase is set to on, a ' is escaped with another ' instead. By default, the PHP directive magic_quotes_gpc is on, and it automatically runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped by magic_quotes_gpc, because this results in double escaping. You can use the function get_magic_quotes_gpc() to check for this situation.
2. stripslashes - remove the backslash quoting (escaping) from a string;
That is, it does the opposite of addslashes();
3. get_magic_quotes_gpc - checks whether magic quotes are turned on; returns 1 if they are on and 0 if they are not;
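// get_magic_quotes_gpc() only exists before PHP 8.0
if (!get_magic_quotes_gpc()) {
    // Magic quotes are off: escape the value ourselves
    $lastname = addslashes($_POST['LastName']);
} else {
    // Magic quotes are on: the value has already been escaped
    $lastname = $_POST['LastName'];
}
echo $lastname;
$sql = "INSERT INTO Lastnames (lastname) VALUES ('$lastname')";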
II. Escaping HTML entities:
We often have message boards and similar features that let users enter information. These places need attention: if the input is not converted to entities, HTML code and scripts can easily be entered and saved, and then executed in other users' browsers;
So when users type something like hello and so on into a text input, we should try to neutralize it. Otherwise users can break things such as the CSS styling, and our page will be a mess. Without further ado, here are a few PHP entity functions worth knowing:
1. htmlspecialchars() converts special characters to HTML entities:
'&' (ampersand) becomes '&amp;';
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set;
''' (single quote) becomes '&#039;' when ENT_QUOTES is set;
'<' (less than) becomes '&lt;';
'>' (greater than) becomes '&gt;'.
2. htmlspecialchars_decode() converts the entities back to HTML code; it is the inverse of function 1.
3. htmlentities() is the full HTML entity conversion. The difference from htmlspecialchars() is that this function converts every character that has an HTML entity equivalent, while htmlspecialchars() only escapes the 5 special characters listed above.
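The two steps above (storing a value that contains quotes, then rendering user text), shown as an added PHP example that is not from the original article. It binds the value with a PDO prepared statement instead of relying on addslashes() or magic quotes (magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8.0), then escapes at output time. The in-memory SQLite database, the lastnames table, the h() helper and the sample inputs are assumptions constructed for the example.

```php
<?php
// Added example, not the original author's code. Assumes PHP 7+ with the
// pdo_sqlite extension; table name and sample inputs are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE lastnames (lastname TEXT NOT NULL)');

// Constructed inputs: a name with a quote, and a message-board style post.
$inputs = ["O'Reilly", '<b>hello</b> & "café"'];

// Storage: bind the raw value as a parameter. Data and SQL text travel
// separately, so no addslashes() step is needed and nothing can end up
// double-escaped.
$insert = $db->prepare('INSERT INTO lastnames (lastname) VALUES (:lastname)');
foreach ($inputs as $value) {
    $insert->execute([':lastname' => $value]);
}

// The rows come back exactly as entered, with no stray backslashes.
$rows = $db->query('SELECT lastname FROM lastnames')->fetchAll(PDO::FETCH_COLUMN);

// Output: escape at the moment the value is written into HTML.
// h() is a hypothetical helper name; ENT_QUOTES also covers single quotes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Run from the CLI, so the raw "stored" line is printed as plain text.
foreach ($rows as $stored) {
    $escaped = h($stored);
    echo 'stored:           ', $stored, PHP_EOL;
    // For contrast: what addslashes() would have written into the column.
    echo 'addslashes:       ', addslashes($stored), PHP_EOL;
    echo 'htmlspecialchars: ', $escaped, PHP_EOL;
    // ENT_NOQUOTES leaves both quote characters untouched.
    echo 'ENT_NOQUOTES:     ', htmlspecialchars($stored, ENT_NOQUOTES, 'UTF-8'), PHP_EOL;
    // htmlentities() additionally converts characters such as the accented e.
    echo 'htmlentities:     ', htmlentities($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
    // Decoding with the same flag restores the original string.
    $roundTrip = htmlspecialchars_decode($escaped, ENT_QUOTES) === $stored;
    echo 'round trip ok:    ', var_export($roundTrip, true), PHP_EOL, PHP_EOL;
}
```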