Original address: http://www.manongjc.com/article/1103.html
Let's take a look at the usage examples of the Htmlspecialchars function and the Strip_tags function:
<? PHP $str= "<a href= ' http://www.manongjc.com ' > Yard course ' \" </a> "; Echo Htmlspecialchars ($str); Echo "<br/><br/>"; Echo Strip_tags ($str);
The browser outputs the following results:
<a href= ' http://www.manongjc.com ' > Yard course '"</a> Code farming tutorial "
View the page source code, the results are as follows:
<href= ' http://www.manongjc.com '> Code farming Tutorial '</a >< BR />< BR />
From the results we can see that the difference between htmlspecialchars () and Strip_tags is as follows:
Difference One:
The Strip_tags function uses to remove HTML tags, and htmlspecialchars does not remove the HTML tags, just converts the tags to HTML instances, so the biggest difference between the two is to delete the HTML tags, One is to convert HTML tags to other characters.
Difference Two:
If you need to remove HTML tags in the string inside the original error, such as less than the symbol, the use of the Strip_tags function will return errors, and Htmlspecialchars will not have errors, and then converted to HTML entities.
Difference Three:
It is generally recommended to use the Htmlspecialchars function when preventing XSS attacks, because strip_tags can delete HTML tags, but it does not remove "或‘。因此就算你使用了
strip_tags, You still need to use the Htmlspecialchars function to filter out"或‘
In the form submission or user message board, if you want the raw output of the data with the browser, then use the Htmlspecialchars function, do not use the Strip_tags function.
For Htmlspecialchars () and Strip_tags functions, refer to reading:
Http://www.manongjc.com/article/1213.html
Http://www.manongjc.com/article/1099.html
Http://www.manongjc.com/article/795.html
PHP uses the Htmlspecialchars () and Strip_tags functions to filter the differences between HTML tags