Input data should be validated using functions such as strip_tags and Utf8_decode. Dynamics content should be HTML encoded using Htmlspecialchars.
User input data with strip_tags and utf8_decode processing, why read data also use Htmlspecialchars processing?
The label has been removed with strip_tags in front.
Reply to discussion (solution)
if ($text! = Strip_tags ($text)) {
Contains HTML content, what to do with you decide
}
Utf8_decode is not valid for Chinese, it will only make more and more mess
Dynamics content should be HTML encoded using Htmlspecialchars
Dynamic content can be HTML encoded with Htmlspecialchars
if ($text! = Strip_tags ($text)) {
Contains HTML content, what to do with you decide
}
Utf8_decode is not valid for Chinese, it will only make more and more mess
Dynamics content should be HTML encoded using Htmlspecialchars
Dynamic content can be HTML encoded with Htmlspecialchars
The Utf8_encode () function encodes the iso-8859-1 string as UTF-8.
What is the use of the Utf8_encode () function? Under what circumstances?
Iso-8859-1 is a single-byte character set
Its alias is latin1, this latin1 you should be aware of (MySQL default character set)
Latin1, also known as the European standard character set
if ($text! = Strip_tags ($text)) {
Contains HTML content, what to do with you decide
}
Utf8_decode is not valid for Chinese, it will only make more and more mess
Dynamics content should be HTML encoded using Htmlspecialchars
Dynamic content can be HTML encoded with Htmlspecialchars
What about the input data, only with Htmlspecialchars?
Before saving to database: $input _data = Htmlspecialchars ($input _data);
Read from database (no processing) $input _data
Why is it? So absolutely?!
If you pass in an online editor's data, do you also htmlspecialchars?
Besides, Htmlspecialchars doesn't deal with ' (single quotes), and the database must be escaped.
Why is it? So absolutely?!
If you pass in an online editor's data, do you also htmlspecialchars?
Besides, Htmlspecialchars doesn't deal with ' (single quotes), and the database must be escaped.
I'm a little messy right now.
What to do with the input data before the form is saved into the database,
What to do with the data read from the database when it is read to the page
Escape special characters when inbound
After the library to do the appropriate processing