PHP functions strip_tags / htmlspecialchars

Source: Internet
Author: User
Function: strip_tags($str, $allow)

Role: Removes HTML/XML and PHP tags.

Parameters: $allow lists the tags that are exceptions and will not be removed.

 

Note: the fgetss() function has a similar purpose.

Function: htmlspecialchars(string, quotestyle, character-set)

Role: Converts special characters to HTML entities.

Note: The special characters converted are (only these 5):

& (ampersand) becomes &amp;
" (double quotation mark) becomes &quot;
< (less than) becomes &lt;
> (greater than) becomes &gt;
' (single quotation mark) becomes &#039;

 
   

Function: htmlentities

Role: Converts all applicable characters to HTML entities.

Parameters: character-set specifies the character set. If you convert a Chinese string, you need to set the character set to GB2312; otherwise the converted result will be garbled.


Function: html_entity_decode

Role: Converts HTML entities back to characters; the inverse of htmlentities.

Function: htmlspecialchars_decode

Role: Converts the predefined HTML entities back to characters; the inverse of htmlspecialchars.

Function: addslashes

Role: Adds a backslash before each predefined character.

Note: The predefined characters are the single quotation mark ('), the double quotation mark ("), the backslash (\), and NULL.

This function prepares strings for storage in a database and for use in database query statements.
If the PHP setting magic_quotes_gpc is on, addslashes() is run automatically on all GET/POST/COOKIE data; do not call addslashes() again on such data, to avoid double escaping.

The function get_magic_quotes_gpc() can be used to detect this case.

Function: stripslashes

Role: Removes the backslashes added by the addslashes() function.

Note: This function is used to clean up data retrieved from a database or an HTML form.


Function: mysql_real_escape_string

Role: Escapes special characters in a string used in an SQL statement.

The affected characters are:

\x00, \n, \r, \, ', " and \x1a

Returns: the escaped string on success, or false on failure.

Note: The difference between this function and htmlspecialchars is that mysql_real_escape_string is used to prevent SQL injection, while htmlspecialchars converts HTML to avoid XSS-class attacks.
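An added example (not from the original page) that runs the functions described above on one constructed input to show what each leaves behind: strip_tags() keeps every attribute of a tag listed in $allow, htmlspecialchars() converts single quotes only with the ENT_QUOTES quotestyle, and addslashes() leaves markup untouched. The input string and the helper name e() are assumptions made for the example; mysql_real_escape_string() is left out because it needs a database connection.

```php
<?php
// Constructed sample input: a harmless-looking tag that carries an event
// handler attribute, plus the five characters htmlspecialchars() converts.
$input = '<b onmouseover="note()">Tom & "Jerry"</b> <i>it\'s</i>';

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
// ENT_QUOTES converts both quote characters; the character set is passed
// explicitly so multi-byte input is handled consistently.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$results = [
    // All tags removed, text kept; & " ' are not encoded.
    'strip_tags, no $allow'       => strip_tags($input),
    // <b> survives together with its onmouseover attribute:
    // strip_tags() does not filter the attributes of allowed tags.
    'strip_tags, $allow = <b>'    => strip_tags($input, '<b>'),
    // Double quotes are encoded, the single quote is left alone.
    'htmlspecialchars ENT_COMPAT' => htmlspecialchars($input, ENT_COMPAT, 'UTF-8'),
    // Both quote styles are encoded; nothing in the output is markup.
    'htmlspecialchars ENT_QUOTES' => e($input),
    // SQL-style escaping: quotes get backslashes, the markup is untouched,
    // so this does nothing against XSS.
    'addslashes'                  => addslashes($input),
];

foreach ($results as $label => $out) {
    printf("%-28s %s\n", $label . ':', $out);
}

// htmlspecialchars_decode() restores the input only when it is given the
// same quotestyle that was used for encoding.
$encoded = e($input);
echo "decode with ENT_QUOTES restores input:   ";
var_dump(htmlspecialchars_decode($encoded, ENT_QUOTES) === $input);
// With ENT_NOQUOTES the quote entities stay encoded, so the strings differ.
echo "decode with ENT_NOQUOTES restores input: ";
var_dump(htmlspecialchars_decode($encoded, ENT_NOQUOTES) === $input);

// stripslashes() undoes addslashes() on the same string.
echo "stripslashes(addslashes(x)) === x:       ";
var_dump(stripslashes(addslashes($input)) === $input);
```

Run it with the PHP command-line interpreter and compare the rows: only the two htmlspecialchars() rows contain no live tag or attribute.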
