PHP's summary of filtering and processing methods for form submission special characters

PHP makes a summary of the processing method of special characters for form submission, mainly involving the combined use of several functions such as htmlspecialchars/addslashes/stripslashes/strip_tags/mysql_real_escape_string, etc., to communicate with everyone.

1. Several PHP functions related to special character processing

The function name

paraphrase

introduce

htmlspecialchars

Put and, single and double quotation marks, greater than and less than in HTML format

& into &
"Into"
'to'
< into <
> into >

htmlentities()

All characters are converted to HTML format

In addition to the above htmlspecialchars characters, also includes double byte characters displayed as encoding, etc.

addslashes

Single and double quotes, backslash and NULL with backslash escape

The characters changed include single quotation marks ('), double quotation marks ("), backslash backslash (\), and null NULL.

stripslashes

Remove backslash characters

Remove backslash characters from the string. If two backslashes are in a row, remove one and leave one. If there is only one backslash, just get rid of it.

quotemeta

Add reference symbol

String containing. \\ + *? Characters such as [^] ($) are preceded by a backslash "\" symbol.

nl2br()

Converts a newline character to

strip_tags

Remove the HTML and PHP tags

Remove any HTML and PHP tags from the string, including anything between the tag blocks. Note that if there is an error in the string HTML and PHP tags, an error is also returned.

mysql_real_escape_string

Escape special characters in the SQL string

Escape \x00 \n \r Spaces \ '" \x1a, effective for multi-byte character handling. mysql_real_escape_string determines the character set, mysql_escape_string does not.