Introduction to htmlentities, htmlspecialchars, and addslashes usage
1. html_entity_decode(): converts HTML entities to characters.
Eg:
$str = "just a test &amp; &#039;learn to use &#039;";
echo html_entity_decode($str);
echo "<br />";
echo html_entity_decode($str, ENT_QUOTES);
echo "<br />";
echo html_entity_decode($str, ENT_NOQUOTES);
The output is as follows:
just a test & 'learn to use '
just a test & 'learn to use '
just a test & 'learn to use '
2. htmlentities(): converts characters to HTML entities.
Eg:
$str = "just a test & 'learn to use'";
echo htmlentities($str, ENT_COMPAT);
echo "<br/>";
echo htmlentities($str, ENT_QUOTES);
echo "<br/>";
echo htmlentities($str, ENT_NOQUOTES);
The output is as follows:
just a test & 'learn to use'
just a test & 'learn to use'
just a test & 'learn to use'
Check the source code as follows:
just a test &amp; 'learn to use'<br />just a test &amp; &#039;learn to use&#039;<br />just a test &amp; 'learn to use'
3. addslashes(): adds a backslash before each predefined character.
Predefined characters include: single quotation marks ('), double quotation marks ("), backslash (\), and NULL.
By default, the magic_quotes_gpc directive of PHP is on, and addslashes() is automatically run on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped by magic_quotes_gpc, because this causes double escaping. You can use the get_magic_quotes_gpc() function to detect this case.
Eg:
$str3 = "\ just a ' \" test";
echo addslashes($str3);
Output:
\\ just a \' \" test
4. stripslashes(): removes the backslashes added by the addslashes function.
Eg:
$str4 = "\\ just a \' \" test";
echo stripslashes($str4);
Output:
just a ' " test
5. htmlspecialchars(): converts some predefined characters into HTML entities.
Predefined characters include:
& (ampersand) becomes &amp;
" (double quotation mark) becomes &quot;
' (single quotation mark) becomes &#039;
< (less than) becomes &lt;
> (greater than) becomes &gt;
Eg:
$str5 = "just a test & 'learn to use'";
echo htmlspecialchars($str5, ENT_COMPAT);
echo "<br/>";
echo htmlspecialchars($str5, ENT_QUOTES);
echo "<br/>";
echo htmlspecialchars($str5, ENT_NOQUOTES);
Output:
just a test & 'learn to use'
just a test & 'learn to use'
just a test & 'learn to use'
View Source Code:
just a test &amp; 'learn to use'<br />just a test &amp; &#039;learn to use&#039;<br />just a test &amp; 'learn to use'
6. htmlspecialchars_decode(): converts some predefined HTML entities into characters.
The decoded HTML entities include:
&amp; becomes & (ampersand)
&quot; becomes " (double quotation mark)
&#039; becomes ' (single quotation mark)
&lt; becomes < (less than)
&gt; becomes > (greater than)
Eg:
$str6 = "just a test &amp; &#039;learn to use &#039;";
echo htmlspecialchars_decode($str6);
echo "<br />";
echo htmlspecialchars_decode($str6, ENT_QUOTES);
echo "<br />";
echo htmlspecialchars_decode($str6, ENT_NOQUOTES);
Output:
just a test & 'learn to use '
just a test & 'learn to use '
just a test & 'learn to use '
View Source Code:
just a test & &#039;learn to use &#039;<br />just a test & 'learn to use '<br />just a test & &#039;learn to use &#039;
Combined use against injection and web scripts:
// apply both escapes
$str = htmlspecialchars(addslashes($str));
// undo both escapes
$str = htmlspecialchars_decode(stripslashes($str));
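The combined filter above applies SQL-style and HTML-style escaping to the same value at once. As an added example (not code from the original article), the script below compares it with context-specific handling: a bound parameter for the database and htmlspecialchars() with explicit flags at output time. It assumes PHP 7 or later with the pdo_sqlite extension; the table, column and e() helper names are hypothetical and the input is constructed.

```php
<?php
// Added example, not from the original article. Assumes PHP 7+ with pdo_sqlite.
// The table/column names and the e() helper are hypothetical.

// Constructed sample input containing each character the functions above touch.
$input = "O'Reilly & <b>\"sons\"</b> \\ co";

// The combined filter from the article: the result carries backslashes meant
// for a quoted string and entities meant for HTML, so it is no longer the
// original text in either context.
$combined = htmlspecialchars(addslashes($input), ENT_QUOTES, 'UTF-8');

// Database context: keep the raw value and pass it as a bound parameter,
// so no quoting function is involved at all.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);
$stored = $pdo->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();

// HTML context: escape at output time with explicit flags and charset.
function e(string $s, int $flags = ENT_QUOTES | ENT_SUBSTITUTE): string
{
    return htmlspecialchars($s, $flags, 'UTF-8');
}

echo "combined filter : ", $combined, PHP_EOL;
echo "stored verbatim : ", var_export($stored === $input, true), PHP_EOL;
echo "element body    : <p>", e($stored), "</p>", PHP_EOL;
echo "attribute value : <input value='", e($stored), "'>", PHP_EOL;

// Effect of each quote flag discussed above on the same value.
foreach (['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES,
          'ENT_NOQUOTES' => ENT_NOQUOTES] as $name => $flag) {
    echo str_pad($name, 16), ": ", e($stored, $flag), PHP_EOL;
}
```

Run it from the command line so the entities are printed rather than rendered by a browser. The magic_quotes_gpc directive from section 3 was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8.0, so on current PHP versions request data arrives unescaped.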
That is everything I have to share about the use of htmlentities, htmlspecialchars, and addslashes. I hope it gives you a useful reference.