Function: strip_tags($str, $allow)
Role: Removes HTML/XML and PHP tags.
Parameters: $allow lists the tags that are exceptions; these tags are not removed.
Note: the fgetss() function does something similar.
Function: htmlspecialchars(string, quotestyle, character-set)
Role: Converts special characters to HTML entities.
Note: The special characters that are converted are (only these 5):
& (ampersand) becomes &amp;
" (double quotation mark) becomes &quot;
< (less than) becomes &lt;
> (greater than) becomes &gt;
' (single quote) becomes &#039;
Function: htmlentities
Role: Converts all characters to HTML entities.
Parameters: character-set specifies the character set. If you convert a string in Chinese, you need to set the character set to GB2312;
otherwise, the result of the conversion will be garbled.
Function: html_entity_decode
Role: Restores HTML entities to characters; it is the inverse of htmlentities.
Function: htmlspecialchars_decode
Role: Restores the predefined HTML entities to characters; it is the inverse of htmlspecialchars.
Function: addslashes
Role: Adds a backslash before each predefined character.
Note: The predefined characters are the single quotation mark ('), the double quotation mark ("), the backslash (\), and NULL.
This function prepares strings for storage in a database and for use in database query statements.
If the PHP setting magic_quotes_gpc is on, addslashes is run automatically on all GET/POST/COOKIE data; do not call addslashes again in that case, to avoid double escaping.
Use the function get_magic_quotes_gpc() to check whether the setting is on.
Function: stripslashes
Action: Removes the backslash added by the addslashes () function.
Note: This function cleans up data retrieved from a database or HTML form.
Function: mysql_real_escape_string
Role: Escapes special characters in a string that is used in an SQL statement.
The affected characters are:
\x00, \n, \r, \, ', " and \x1a
Returns: the escaped string on success, false on failure.
Note: The difference between this function and htmlspecialchars is that mysql_real_escape_string is used to prevent SQL injection,
while htmlspecialchars converts HTML to avoid XSS-type attacks.
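
The following script is an added example, not part of the original page. It runs the functions above over constructed input to show what each one changes, why the character set matters for htmlentities, and what double escaping with addslashes does to the data. The helpers check() and html_out() are hypothetical names, and the script assumes the file is saved as UTF-8 (not GB2312).

```php
<?php
// Added example; the sample strings are constructed. Save the file as UTF-8.

function check(string $label, bool $ok): void
{
    echo ($ok ? 'ok   ' : 'FAIL ') . $label . PHP_EOL;
}

// Escape for an HTML text node or a quoted attribute value (hypothetical helper).
function html_out(string $s): string
{
    // Pass the flags explicitly: ENT_QUOTES covers both " and '.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$input = "O'Reilly <b>\"Tom & Jerry\"</b>";

// 1. htmlspecialchars rewrites exactly the five special characters.
$html = html_out($input);
check('five characters become entities',
    $html === 'O&#039;Reilly &lt;b&gt;&quot;Tom &amp; Jerry&quot;&lt;/b&gt;');
check('htmlspecialchars_decode restores the input',
    htmlspecialchars_decode($html, ENT_QUOTES) === $input);

// 2. htmlentities needs the real charset of the string, or multi-byte text is mangled.
$cjk = "中文";
check('correct charset leaves CJK text readable',
    htmlentities($cjk, ENT_QUOTES, 'UTF-8') === $cjk);
check('wrong charset garbles it',
    htmlentities($cjk, ENT_QUOTES, 'ISO-8859-1') !== $cjk);

// 3. strip_tags deletes markup but does not encode what remains.
check('strip_tags keeps quotes and & as-is',
    strip_tags($input) === "O'Reilly \"Tom & Jerry\"");
check('tags named in $allow survive', strip_tags($input, '<b>') === $input);

// 4. addslashes is for SQL-style quoting only, and must run once.
$once  = addslashes($input);
$twice = addslashes($once);
check('one pass adds three backslashes', substr_count($once, '\\') === 3);
check('stripslashes undoes one pass', stripslashes($once) === $input);
check('a second pass leaves backslashes in the data', stripslashes($twice) === $once);
check('slash-escaped text is still live HTML', strpos($once, '<b>') !== false);
```

Every line should print "ok"; the last check is the point of the closing note: escaping for SQL does nothing for HTML output, so each escape belongs at its own output point.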