1. Addslashes ()Addslashes () escapes special characters in SQL statements, including ('), ("), (), (NUL) four characters, which are used when the DBMS does not have its own escape function, but if the DBMS has its own escape function, it is
WString urlencode ( string $str )Returns a string in which all non-alphanumeric characters except -_ are replaced with a percent sign (%) followed by a two-digit hexadecimal number, and a space is encoded as a plus (+). This encoding is the same as
Here are just a few simple and common functions, chop performs the removal of whitespace processing, get_html_translation_table returns a conversion list to a variable, and defines a string that includes HTML encoding Htmlentities,htmlspecialchars_
Addslashes: String add Slash.
Bin2Hex: The binary turns into 16 carry.
Chop: Remove continuous blank.
CHR: Returns the character of the ordinal value.
Chunk_split: Splits the string into small segments.
Convert_cyr_string: Converts the ancient
This article mainly introduces Yii2's XSS attack prevention policies, analyzes in detail the XSS attack principles and Yii2's corresponding defense policies, for more information about Yii2 XSS attack prevention policies, see the following example.
PHP Html_entity_decode () applies to PHP 4.3.0+ and converts HTML entities into characters.
Html_entity_decode (string containing HTML entities, optional how to decode quotes, optional character encoding set)
If the string contains a character set
This article mainly introduces the commonly used escape functions, security functions in PHP, use these functions can filter most common attack means, such as SQL injection, the need for friends can refer to the
1. addslashes
Addslashes escapes
PHP Html_entity_decode () applies to PHP 4.3.0+, which converts HTML entities into characters.
Html_entity_decode (a string containing an HTML entity, optionally how to decode quotes, optional character encoding sets)
If the string contains a
Here are just a few simple and common functions, chop performs the removal of whitespace processing, get_html_translation_table returns a conversion list to a variable, and defines a string that includes HTML encoding Htmlentities,htmlspecialchars_
This paper describes the prevention strategy of XSS attack in Yii2. Share to everyone for your reference, as follows:
XSS Bug fix
Principle: Do not trust the data entered by the customerNote: The attack code is not necessarily in the
① flags The
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.