PHP, HTML single quotes, double quotation marks, and HTML Entity conversion!

I. single quotation marks and double quotation marks are used in PHP's data storage process. That is, when storing data in the database, you must note that single and double quotation marks are escaped;

Let's talk about several PHP functions:

1. addslashes-use a backslash to reference (escape) a string;

Returns a string that requires a backslash before certain characters for database query statements. These characters are single quotes ('), Double quotation marks ("), Backslash (\) And NUL (NullCharacters ).

One useAddslashes ()The example is when you want to input data to the database. For exampleO 'ReillyInsert to the database, which requires escaping. Most Databases\Escape Character:O \ 'Reilly. In this way, the data can be put into the database without inserting additional\. When the php Command magic_quotes_sybase is setOnIt means to insert'Will be used'Escape. By default, the php Command magic_quotes_gpc isOnIt automatically runs on all get, post, and cookie data.Addslashes (). Do not use strings that have been escaped by magic_quotes_gpcAddslashes ()Because it causes double-layer escape. In this case, you can use the get_magic_quotes_gpc () function for detection.

2. stripslashes-remove the string's backslash reference (escape)

That is, do the opposite work with addslashes;

3,Get_magic_quotes_gpc --- check whether the magic reference variable is enabled. If 1 is enabled, 0 is returned for enabling;

If (! Get_magic_quotes_gpc ()){
$ Lastname = addslashes ($ _ post ['lastname']);
} Else {
$ Lastname = $ _ post ['lastname'];
}
Echo $ lastname;
$ SQL = "insert into lastnames (lastname) values ('$ lastname ')";

 

Ii. Escape entities:

We often encounter places that allow users to enter information such as message boards. These areas should be noted because they do not convert objects or the like, HTML code and script scripts can be easily input and saved and executed by other users;

Therefore, if you enter <a href = "XXX"> Hello </a> in the input text, we try to block it. Otherwise, the user will be confused, for example, to adjust the CSS style, the page will be messy. Let's not talk about it. Here are a few functions for PHP to convert objects:

1. special characters escaped by htmlspecialchars () are HTML objects;

• '&' (Ampersand) becomes '& amp ;'
• '"' (Double quote) becomes '& quot; 'WhenEnt_noquotesIs not set.
• ''' (Single quote) becomes '& #039;' only whenEnt_quotesIs set.
• '<' (Less than) becomes '& lt ;'
• '>' (Greater than) becomes '& gt ;'

2. htmlspecialchars_decode () converts an object into HTML code. function 1's Inverse Function

 

3. htmlentities (): This function converts all HTML entities. The difference from htmlspecialchars () is that this function escapes all characters while htmlspecialchars () only the five special characters limited above are escaped!