Three functions I often confuse in PHP: http://www.ido321.com/1252.html
1. htmlentities() and htmlspecialchars()
1. htmlentities()
1.1 Function: converts characters into HTML entities. The characters covered include the ASCII entities and the ISO 8859-1 entities (HTML entity table: http://www.w3school.com.cn/tags/html_ref_entities.html).
1.2 Syntax: htmlentities(string, quotestyle, character-set)
1.3 Parameters: string is required and is the string to convert. The others are optional. quotestyle specifies how single and double quotation marks are encoded: ENT_COMPAT (default) encodes only double quotation marks; ENT_QUOTES encodes both double and single quotation marks; ENT_NOQUOTES encodes no quotation marks. character-set specifies the character set used for the conversion; common values are UTF-8, GB2312 and ISO-8859-1 (default).
1.4 Tip: an unrecognized character set is ignored and replaced by ISO-8859-1.
    $str = "John & 'Adams'";
    // ENT_COMPAT is written out so that only double quotes are encoded
    echo htmlentities($str, ENT_COMPAT);
    // Output in the browser: John & 'Adams'
    // View source:           John &amp; 'Adams'
2. htmlspecialchars()
2.1 Function: converts some predefined characters into HTML entities. All of the predefined characters are ASCII entities, so this function cannot convert ISO 8859-1 entities, which is how it differs from htmlentities().
The predefined characters are:
& (ampersand) becomes &amp;
" (double quotation mark) becomes &quot;
' (single quotation mark) becomes &#039;
< (less than) becomes &lt;
> (greater than) becomes &gt;
2.2 Syntax: htmlspecialchars(string, quotestyle, character-set)
2.3 Parameters: the same as for htmlentities().
2.4 Tip: an unrecognized character set is ignored and replaced by ISO-8859-1.
    $str = "John & 'Adams'";
    // ENT_COMPAT is written out so that only double quotes are encoded
    echo htmlspecialchars($str, ENT_COMPAT);
    // Output in the browser: John & 'Adams'
    // View source:           John &amp; 'Adams'
2. html_entity_decode() and htmlspecialchars_decode()
The html_entity_decode(string, quotestyle, character-set) function converts HTML entities back to characters; it is the inverse of htmlentities().
The htmlspecialchars_decode(string, quotestyle) function converts the predefined HTML entities back to characters; it is the inverse of htmlspecialchars().
    // The input contains an encoded ampersand
    $str = "John &amp; 'Adams'";
    echo html_entity_decode($str);
    // Output in the browser: John & 'Adams'
    // View source:           John & 'Adams'
3. addslashes() and addcslashes()
1. addslashes(string): adds a backslash before each of the predefined characters. string is the string to process. This function can be used to prepare strings that will be stored in a database or used in database query statements.
The predefined characters are: single quotation mark ('), double quotation mark ("), backslash (\), and NULL.
PS: by default, the magic_quotes_gpc directive of PHP is on, and addslashes() is automatically run on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped by magic_quotes_gpc, because this causes double escaping. You can use the get_magic_quotes_gpc() function to detect this case.
    $str = "Who's John Adams?";
    echo $str . " This is not safe in a database query.\n";
    echo addslashes($str) . " This is safe in a database query.";
Output:
Who's John Adams? This is not safe in a database query.
Who\'s John Adams? This is safe in a database query.
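The addslashes() passage above concerns preparing strings for database queries. As an added example (not code from the original page), the script below compares addslashes() with driver-aware quoting and a bound parameter on an in-memory SQLite database; it assumes the pdo_sqlite extension, and the table and column names are constructed for illustration.

```php
<?php
// Added example, not from the original page. Assumes the pdo_sqlite extension;
// the table "people" and column "name" are constructed for illustration.

$str = "Who's John Adams?";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT)');

// 1. addslashes() writes a backslash before the quote. SQLite escapes a quote
//    by doubling it instead, so the string literal ends early and the
//    statement is rejected by the parser.
$escaped = addslashes($str);
try {
    $db->exec("INSERT INTO people (name) VALUES ('$escaped')");
    echo "addslashes: inserted\n";
} catch (PDOException $e) {
    echo "addslashes: rejected by SQLite (", $e->getMessage(), ")\n";
}

// 2. Escaping a second time (the magic_quotes_gpc case described above)
//    adds further backslashes that would end up in the stored data.
echo "escaped once:  ", $escaped, "\n";
echo "escaped twice: ", addslashes($escaped), "\n";

// 3. PDO::quote() applies the quoting rules of the connected driver.
echo "PDO::quote:    ", $db->quote($str), "\n";

// 4. A bound parameter is sent as data and never parsed as SQL text,
//    so the value needs no escaping at all.
$stmt = $db->prepare('INSERT INTO people (name) VALUES (?)');
$stmt->execute([$str]);

// Read the row back and compare it with the original string.
$stored = $db->query('SELECT name FROM people')->fetchColumn();
echo "stored value:  ", $stored, "\n";
var_dump($stored === $str);
```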
2. addcslashes(string, characters): adds a backslash before the specified characters. string is required; the second parameter is optional and specifies the character or character range affected by addcslashes().
PS: be careful when applying addcslashes() to 0, r, n, and t. In PHP, \0, \r, \n, and \t are predefined escape sequences. This function can add a backslash before any character, including the predefined characters, which is how it differs from addslashes().
    // Add a backslash before specific characters
    $str = "Hello, my name is John Adams.";
    echo $str;
    echo addcslashes($str, 'm'); // escape every lowercase m
    echo addcslashes($str, 'J'); // escape every uppercase J
Output:
Hello, my name is John Adams.Hello, \my na\me is John Ada\ms.Hello, my name is \John Adams.
    // Add a backslash before a range of characters
    $str = "Hello, my name is John Adams.";
    echo $str . "\n";
    echo addslashes($str) . "\n";          // use addslashes
    echo addcslashes($str, 'A..Z') . "\n"; // uppercase letters
    echo addcslashes($str, 'a..z') . "\n"; // lowercase letters
    echo addcslashes($str, 'a..h') . "\n"; // lowercase a through h
Output:
Hello, my name is John Adams.
Hello, my name is John Adams.
\Hello, my name is \John \Adams.
H\e\l\l\o, \m\y \n\a\m\e \i\s J\o\h\n A\d\a\m\s.
H\ello, my n\am\e is Jo\hn A\d\ams.