What method does PHP use to output all special characters in a string?
Similar to mysql_real_escape_string, but this is obsolete, and is not used on the database.
Reply content:
htmlspecialchars
PHP 5.5 and later abandoned the MySQL extension; you can switch to mysqli or pdo_mysql.
So you're talking about the mysql_real_escape_string function, and if you use mysqli, you can use mysqli_real_escape_string instead.
However, it is recommended to use pdo_mysql to improve security with prepared statements.
Http://php.net/manual/zh/ref ....
htmlspecialchars: single and double quotes and the greater-than and less-than signs are converted into HTML format;
htmlentities: all characters are converted into HTML format;
addslashes: single and double quotes, backslash, and null are escaped with a backslash;
As other netizens say, if you do not use PDO, you have to consider injection and other problems in your database operations; PDO's built-in prepared statements can effectively prevent SQL injection and handle special characters.
If you do not have PDO and have to do the filtering yourself, here is a method I have used, for reference only:
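function isEscape($val, $isboor = false)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists before calling it.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$magicQuotes) {
        // Backslash-escape single quotes, double quotes, backslashes and NUL bytes.
        $val = addslashes($val);
    }
    if ($isboor) {
        // Also escape the LIKE wildcards % and _ so they match literally.
        $val = strtr($val, array("%" => "\%", "_" => "\_"));
    }
    return $val;
}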
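The points raised in the replies above, combined into one added example (not code from any of the posters): values reach the database through PDO bound parameters, LIKE wildcards are escaped separately, and htmlspecialchars is applied only when writing HTML. The in-memory SQLite database, the notes table, the sample rows and the escapeLike/search helpers are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: in-memory SQLite so it runs offline (assumes pdo_sqlite).
// The same PDO calls apply when the DSN points at pdo_mysql.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample rows containing quotes, markup and LIKE wildcards.
$rows = ["O'Reilly <b>50%</b> off", '50 percent off', 'snake_case "name"', 'snakeXcase'];
$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
foreach ($rows as $body) {
    // The value travels as a bound parameter, so quotes need no manual escaping.
    $insert->execute([':body' => $body]);
}

// Hypothetical helper: escape LIKE wildcards so the search term matches literally.
// The escape character itself is escaped first. '!' is used instead of a
// backslash so the ESCAPE clause reads the same on SQLite and MySQL.
function escapeLike(string $term, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

// Hypothetical helper: substring search with the pattern passed as a bound parameter.
function search(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare("SELECT body FROM notes WHERE body LIKE :pat ESCAPE '!'");
    $stmt->execute([':pat' => '%' . escapeLike($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (['50%', 'snake_case', "O'Reilly"] as $term) {
    foreach (search($pdo, $term) as $body) {
        // Escape for the HTML context at output time, not when storing the value.
        echo htmlspecialchars($term . ' => ' . $body, ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Without escapeLike, the term 50% would also match the row "50 percent off", and snake_case would also match "snakeXcase", because % and _ are wildcards inside a LIKE pattern even when the pattern is a bound parameter.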