PHP, HTML single quotes, double quote escapes, and ...

Source: Internet
Author: User

I. Escaping single and double quotes comes up most often when PHP stores data: when writing data to a database, you need to pay attention to escaping single and double quotes.

Here are a few PHP functions:

1. addslashes: quote (escape) a string with backslashes

Returns a string with a backslash added before the characters that need to be escaped in, for example, database query statements. These characters are the single quote ('), double quote ("), backslash (\) and NUL (the NULL character).

An example use of addslashes() is when you are entering data into a database. For example, to insert the name O'Reilly into the database, you need to escape it. Most databases use \ as the escape character: O\'Reilly. The escaping only serves to get the data into the database; the extra \ is not stored. When the PHP directive magic_quotes_sybase is set to on, ' is escaped with another ' instead. By default, the PHP directive magic_quotes_gpc is on, and it automatically runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped by magic_quotes_gpc, because this results in double escaping. You can use the function get_magic_quotes_gpc() to check for this situation.

2. stripslashes: remove the backslash quoting (escaping) from a string

It does the opposite of addslashes().

3. get_magic_quotes_gpc: detects whether magic quotes are on; returns 1 if they are on and 0 if they are off.

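// Escape manually only when magic quotes have not already done so.
if (!get_magic_quotes_gpc()) {
    $lastname = addslashes($_POST['LastName']);
} else {
    // Already escaped by magic_quotes_gpc; escaping again would double the backslashes.
    $lastname = $_POST['LastName'];
}
echo $lastname; // show the escaped value
$sql = "INSERT INTO Lastnames (lastname) VALUES ('$lastname')";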

II. Escaping HTML entities:

Message boards and similar features let users submit information. These places need attention: without entity escaping, HTML code and scripts can easily be submitted and saved, and then executed by other users.

So when a user types something like hello into a text input, we try to neutralize it; otherwise users can break things such as the CSS styling, and our page becomes a mess. Without further ado, here are a few PHP functions for entity conversion that are worth knowing:

1. htmlspecialchars() converts special characters to HTML entities: '&' (ampersand) becomes '&amp;'; '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set; "'" (single quote) becomes '&#039;' when ENT_QUOTES is set; '<' (less than) becomes '&lt;'; '>' (greater than) becomes '&gt;'.

2. htmlspecialchars_decode() converts the entities back to HTML code; it is the inverse of function 1.

3. htmlentities() does the full HTML entity conversion. The difference from htmlspecialchars() is that this function escapes all characters that have HTML entity equivalents, while htmlspecialchars() escapes only the 5 special characters listed above.
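An added example, not part of the original article: the message-board flow from both sections on current PHP, where magic quotes no longer exist (removed in PHP 5.4, with get_magic_quotes_gpc() removed in PHP 8.0). Storage uses a bound parameter instead of addslashes(), and entity escaping happens at output. It assumes the pdo_sqlite extension; the table, the sample input and the helper h() are constructed for illustration.

```php
<?php
// Added example: constructed message-board flow, not code from the original page.
declare(strict_types=1);

// Assumption: pdo_sqlite is loaded; an in-memory database keeps this offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, lastname TEXT, body TEXT)');

// Constructed sample input, standing in for $_POST['LastName'] and a message body.
// The body contains all five characters that htmlspecialchars() can convert.
$lastname = "O'Reilly";
$body     = "<b>hello</b> said \"Tom\" & 'Ann'";

// Storage: bind the raw values. The driver keeps data separate from the SQL text,
// so the quote in O'Reilly cannot end the string literal and no backslash is stored.
$stmt = $db->prepare('INSERT INTO messages (lastname, body) VALUES (:lastname, :body)');
$stmt->execute([':lastname' => $lastname, ':body' => $body]);

$row = $db->query('SELECT lastname, body FROM messages')->fetch(PDO::FETCH_ASSOC);

// Check that the value read back is identical to what was submitted.
var_dump($row['lastname'] === $lastname);

// For contrast: addslashes() changes the value itself, so combining it with a
// bound parameter would store the backslash as part of the name.
echo addslashes($lastname), "\n";

// Output: convert to entities when rendering, with an explicit flag and charset.
function h(string $s, int $flags = ENT_QUOTES): string
{
    return htmlspecialchars($s, $flags | ENT_SUBSTITUTE, 'UTF-8');
}

// ENT_QUOTES converts both quote styles, so the result is safe inside element
// content and inside single- or double-quoted attribute values.
echo '<p>', h($row['body']), "</p>\n";
echo "<input name='lastname' value='", h($row['lastname']), "'>\n";

// ENT_NOQUOTES leaves ' and " untouched: acceptable for element content only.
echo '<p>', h($row['body'], ENT_NOQUOTES), "</p>\n";

// htmlspecialchars_decode() with the same flag restores the original text.
var_dump(htmlspecialchars_decode(h($row['body']), ENT_QUOTES) === $row['body']);
```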
