Three functions that I often confuse in PHP, and three functions obfuscated in PHP. Three functions that I often confuse in PHP: www.ido321.com1252.html 1. htmlentities () and htmlspecialchars () 1. htmlentities () 1.1: three functions that I often confuse in PHP, and three functions obfuscated in PHP
Original article: http://www.ido321.com/1252.html
1. htmlentities () and htmlspecialchars ()
1. htmlentities ()
1.1 Function: convert characters into HTML objects. Characters include ASCII entity and ISO 8859-1 entity (HTML entity table: http://www.w3school.com.cn/tags/html_ref_entities.html)
1.2 Syntax: htmlentities (string, quotestyle, character-set)
1.3 Parameter: string is a required parameter and a string to be converted. Others are optional. quotestyle specifies how to encode single quotation marks and double quotation marks: ENT_COMPAT-default. Encode only double quotation marks; ENT_QUOTES-encode double quotation marks and single quotation marks; ENT_NOQUOTES-do not encode any quotation marks. Character-set is the character set for specification conversion, commonly used with UTF-8/GB-2312/ISO-8859-1 (default ).
1.4 Tip: unrecognized character sets will be ignored and replaced by a ISO-8859-1.
$ Str = "John & 'Adams'"; echo htmlentities ($ str); // output in the browser: John & 'Adams' // View Source code: John & 'Adams'
2. htmlspecialchars ()
2.1 convert some predefined characters into HTML objects. All predefined characters are ASCII entities, meaning this function cannot convert ISO 8859-1 entities, which is different from htmlrntities ().
The predefined characters are:
- & (And number) become &
- "(Double quotation marks)"
- '(Single quotes)'
- <(Less than) becomes <
- > (Greater than) become>
2.2 htmlspecialchars (string, quotestyle, character-set)
2.3 Parameter htmlentities ()
2.4 Tip: unrecognized character sets will be ignored and replaced by a ISO-8859-1.
$ Str = "John & 'Adams'"; echo htmlentities ($ str); // output in the browser: John & 'Adams' // View Source code: John & 'Adams'
2. html_entity_decode () and htmlspecialchars_decode ()
The html_entity_decode (string, quotestyle, character-set) function converts an HTML object to a character, which is an inverse function of htmlentities.
The htmlspecialchars_decode (string, quotestyle) function converts a predefined HTML object to a character, which is an inverse function of htmlspecialchars.
$ Str = "John & 'Adams'"; echo html_entity_decode ($ str); // browser output: John & 'Adams' // source code: John & 'Adams'
3. addslashes () and addcslashes ()
1. addslashes (string): add a backslash before the specified predefined character. String is the string to be checked. This function can be used to prepare appropriate strings for strings stored in the database and database query statements.
The predefined characters are:Single quotation marks ('), double quotation marks ("), backslashes (\), and NULL
Ps: by default, the magic_quotes_gpc command of PHP is on, and addslashes () is automatically run for all GET, POST, and COOKIE data (). Do not use addslashes () for strings that have been escaped by magic_quotes_gpc, because this causes double-layer escape. In this case, you can use the get_magic_quotes_gpc () function for detection.
$str = "Who's John Adams?";echo $str . " This is not safe in a database query.
";echo addslashes($str) . " This is safe in a database query.";
Output:
Who's John Adams? This is not safe in a database query.Who\'s John Adams? This is safe in a database query.
2. addcslashes (String,Characters) Add a backslash before the specified character. Stirng is required, and the second is optional. Specifies the character or character range affected by addcslashes.
Ps:Be careful when applying addcslashes () to 0, r, n, and t. In PHP, \ 0, \ r, \ n, and \ t are predefined escape sequences. This function can be used to add any character, including pre-defined characters, in reverse oblique form. this is different from addslashes.
// Add the backslash $ str = "Hello, my name is John Adams. "; echo $ str; echo addcslashes ($ str, 'M'); echo addcslashes ($ str, 'J ');
Output:
Hello, my name is John Adams.Hello, \my na\me is John Ada\ms.Hello, my name is \John Adams.
// Add the backslash $ str = "Hello, my name is John Adams. "; echo $ str; echo addslashes ($ str); // use addslashesecho addcslashes ($ str, 'a .. z'); echo addcslashes ($ str, 'a .. z'); echo addcslashes ($ str, 'a .. h ');
Output:
Hello, my name is John Adams.
Hello, my name is John Adams.
\ Hello, my name is \ John \ Adams.
H \ e \ l \ o, \ m \ y \ n \ a \ m \ e \ I \ s J \ o \ h \ n A \ d \ a \ m \ s.
H \ ello, my n \ am \ e is Jo \ hn A \ d \ ams.
Next Article: install XAMPP In Ubuntu
Http://www.ido321.com/1252.html 1, htmlentities () and htmlspecialchars () 1, htmlentities () 1.1 features :...