Php escape character string special characters

How can php escape all special characters in a string? Similar to mysql_real_escape_string, but this is outdated and not used in the database. How can php escape all special characters in a string?
Similar to mysql_real_escape_string, but this is outdated and not used in the database.

Reply content:

How can php escape all special characters in a string?
Similar to mysql_real_escape_string, but this is outdated and not used in the database.

htmlspecialchars

Mysql extensions are discarded after PHP5.5. you can switch to mysqli or pdo_mysql

So the mysql_real_escape_string function you mentioned can be replaced by mysqli_real_escape_string if mysqli is used.

However, we recommend using pdo_mysql and pre-processing statements to improve security.

Http://php.net/manual/zh/ref ....

htmlspecialcharsConvert single double quotes, greater than and less than signs into HTML format;htmlentitiesAll characters are converted to HTML format;addslashesDouble quotation marks, backslash, and NULL plus backslash escape;

• If you usepdoThere is no need to consider database operation injection or other issues,pdoBuilt-in preprocessing can be effectively preventedsqlInjection and processing of special characters.

• If you do not needpdoYou have to filter the data by yourself. we recommend a method that I have used for reference only.

function isEscape($val, $isboor = false) {    if (! get_magic_quotes_gpc ()) {        $val = addslashes ( $val );    }    if ($isboor) {        $val = strtr ( $val, array (                "%" => "\%",                "_" => "\_"         ) );    }    return $val;}