PHP, HTML single quotes, double quotation marks, and HTML Entity conversion!

Source: Internet
Author: User

I. Single and double quotation marks in PHP's data storage process. When storing data in a database, note that single and double quotation marks must be escaped.

Let's talk about several PHP functions:

1. addslashes: uses backslashes to quote (escape) a string;

Returns a string with backslashes added before the characters that need escaping in database query statements. These characters are the single quote ('), double quote ("), backslash (\) and NUL (the NULL character).

One example use of addslashes() is when you are entering data into a database. For example, to insert the name O'Reilly into a database, you need to escape it. Most databases use \ as the escape character: O\'Reilly. This puts the data into the database without inserting an extra \. When the PHP directive magic_quotes_sybase is set to on, ' is escaped with another ' instead. By default, the PHP directive magic_quotes_gpc is on, and it automatically runs addslashes() on all GET, POST and COOKIE data. Do not use addslashes() on strings that have already been escaped by magic_quotes_gpc, because that causes double escaping. In this case, you can use the get_magic_quotes_gpc() function to detect it.

2. stripslashes: removes the backslash quoting (escaping) from a string;

That is, it does the opposite of addslashes.

3. get_magic_quotes_gpc: checks whether magic quotes are enabled. It returns 1 if they are enabled and 0 if they are disabled.


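// Escape only when magic_quotes_gpc has not already done so, to avoid double escaping.
if (!get_magic_quotes_gpc()) {
    $lastname = addslashes($_POST['lastname']);
} else {
    $lastname = $_POST['lastname'];
}
echo $lastname;
// The escaped value is placed inside the single-quoted SQL string literal.
$sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')";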

 

II. Escaping HTML entities:

We often encounter places that let users enter information, such as message boards. These areas need attention: if the input is not converted to entities, HTML code and scripts can easily be entered, saved, and then executed for other users.

Therefore, if a user enters <a href="XXX">Hello</a> in the input text, we try to block it. Otherwise users can cause confusion, for example by adjusting the CSS styles so that the page becomes a mess. We won't go into that here. Here are a few PHP functions for converting entities:

1. htmlspecialchars(): converts special characters to HTML entities;

  • '&' (ampersand) becomes '&amp;'
  • '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
  • ''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
  • '<' (less than) becomes '&lt;'
  • '>' (greater than) becomes '&gt;'

2. htmlspecialchars_decode(): converts entities back into HTML code; it is the inverse of function 1.

 

3. htmlentities(): converts all applicable characters to HTML entities. The difference from htmlspecialchars() is that this function escapes every character that has an entity equivalent, while htmlspecialchars() only escapes the five special characters listed above.
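The following is an added example, not code from the original page. It carries one constructed input through both halves of this article: storage in the lastnames table using a bound parameter (a different technique from addslashes(), and one that still works on PHP 5.4 and later, where magic quotes were removed, and on PHP 8.0, where get_magic_quotes_gpc() was removed), then output through htmlspecialchars() with each quote flag. It assumes the pdo_sqlite extension is available; the render() helper and the sample strings are made up for illustration.

```php
<?php
// Added example: constructed input, in-memory SQLite, table name from the page's snippet.
declare(strict_types=1);

// Constructed sample input, as it might arrive in $_POST['lastname'].
$input = "O'Reilly <a href=\"XXX\">Hello</a>";

// Storage: a bound parameter keeps the quote characters out of the SQL text,
// so the raw value is stored unchanged and no backslashes are added.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE lastnames (lastname TEXT)');
$stmt = $pdo->prepare('INSERT INTO lastnames (lastname) VALUES (:lastname)');
$stmt->execute([':lastname' => $input]);

$stored = $pdo->query('SELECT lastname FROM lastnames')->fetchColumn();
var_dump($stored === $input); // compares what was stored with what was read back

// Output: convert to entities at the moment the value is written into HTML.
// render() is a hypothetical helper for this example.
function render(string $value, int $flags): string
{
    return htmlspecialchars($value, $flags, 'UTF-8');
}

// ENT_NOQUOTES leaves both quote characters alone: usable in element text only.
echo render($stored, ENT_NOQUOTES), "\n";
// ENT_COMPAT converts double quotes and leaves single quotes alone.
echo render($stored, ENT_COMPAT), "\n";
// ENT_QUOTES converts both double and single quotes.
echo render($stored, ENT_QUOTES), "\n";

// Inside a single-quoted attribute, the apostrophe in O'Reilly would end the
// attribute value unless it is converted, so ENT_QUOTES is the flag to use here.
echo "<input name='lastname' value='" . render($stored, ENT_QUOTES) . "'>\n";

// htmlspecialchars_decode() with the same flag reverses the conversion.
var_dump(htmlspecialchars_decode(render($stored, ENT_QUOTES), ENT_QUOTES) === $stored);

// htmlspecialchars() touches only the five characters listed above, while
// htmlentities() also converts characters such as the accented e below.
echo htmlspecialchars('café & bar', ENT_QUOTES, 'UTF-8'), "\n";
echo htmlentities('café & bar', ENT_QUOTES, 'UTF-8'), "\n";
```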
