PHP special character escape
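```php
<?php
// Keep escaped-for-HTML values in their own array, separate from $clean.
$html = array();
// ENT_QUOTES escapes both single and double quotes; the charset must match the page encoding.
$html['username'] = htmlentities($clean['username'], ENT_QUOTES, 'UTF-8');
echo "Welcome back, {$html['username']}.";
?>
```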
Note: The htmlspecialchars() and htmlentities() functions are basically the same. Their parameter definitions are identical, but htmlentities() escapes more thoroughly. Sending the username to the client through $html['username'] ensures that the browser does not misinterpret any special characters in it. If the username contains only letters and numbers, escaping is not strictly necessary, but doing it anyway reflects the principle of defense in depth. Escaping all output is a good habit that can dramatically improve the security of your software.

Another common output target is the database. If possible, use PHP's built-in functions to escape data in SQL statements. For MySQL users, the best escape function is mysql_real_escape_string(). If no built-in PHP escape function is available for the database you use, addslashes() is the last resort. Example:
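```php
<?php
// Note: the mysql_* functions (ext/mysql) were removed in PHP 7.0, so this
// snippet runs only on older PHP and needs an open MySQL connection.
// Keep escaped-for-SQL values in their own array, separate from $clean.
$mysql = array();
$mysql['username'] = mysql_real_escape_string($clean['username']);
$sql = "SELECT *
        FROM   profile
        WHERE  username = '{$mysql['username']}'";
$result = mysql_query($sql);
?>
```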
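The flag and function differences mentioned in the note on HTML escaping can be seen by running the following added example, which is not code from the original page. The helper names escape_html() and render_greeting() and the sample usernames are constructed for illustration; ENT_SUBSTITUTE is an addition to the flags the page uses, and PHP 7 or later is assumed.

```php
<?php
// Added example; helper names and sample values are constructed for illustration.

// Escape for HTML output the way the page's snippet does, plus ENT_SUBSTITUTE so
// that invalid UTF-8 becomes U+FFFD instead of making the function return ''.
function escape_html(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Use the escaped value in both a text node and a single-quoted attribute,
// following the page's $clean -> $html naming convention.
function render_greeting(array $clean): string
{
    $html = array();
    $html['username'] = escape_html($clean['username']);
    return "<p title='{$html['username']}'>Welcome back, {$html['username']}.</p>";
}

// Constructed sample usernames.
$samples = array(
    'alice42',              // letters and digits only: escaping changes nothing
    "O'Reilly & \"Sons\"",  // both quote styles and an ampersand
    '<b>bob</b>',           // markup characters
    "Zo\u{EB}",             // non-ASCII: only htmlentities() rewrites it
    "Zo\xEB",               // ISO-8859-1 byte, invalid as UTF-8
);

foreach ($samples as $username) {
    echo 'input                    : ', $username, "\n";
    // ENT_COMPAT leaves single quotes alone; ENT_QUOTES escapes them too.
    echo 'htmlspecialchars COMPAT  : ', htmlspecialchars($username, ENT_COMPAT, 'UTF-8'), "\n";
    echo 'htmlspecialchars QUOTES  : ', htmlspecialchars($username, ENT_QUOTES, 'UTF-8'), "\n";
    echo 'htmlentities QUOTES      : ', htmlentities($username, ENT_QUOTES, 'UTF-8'), "\n";
    echo 'greeting                 : ', render_greeting(array('username' => $username)), "\n\n";
}
```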