Home >Backend Development >PHP Tutorial >Summary of functions related to PHP character escape (escape string under php)_PHP tutorial

Summary of functions related to PHP character escape (escape string under php)_PHP tutorial

WBOY
WBOYOriginal
2016-07-21 15:55:58769browse

There is something incorrect or unclear in the article. Please point it out~~~

The configurations and functions related to PHP string escaping are as follows:
1.magic_quotes_runtime
2. magic_quotes_gpc
3.addslashes() and stripslashes()
4.mysql_escape_string()
5.addcslashes() and stripcslashes()
6.htmlentities() and html_entity_decode()
7. htmlspecialchars() and htmlspecialchars_decode()

When magic_quotes_runtime is turned on, most functions of PHP automatically add backslashes to overflow characters in data imported from outside (including databases or files).
You can use set_magic_quotes_runtime() and get_magic_quotes_runtime()‍ to set and detect its status.
Note: These two functions have been deprecated in PHP 5.3.0 or above, which means that this option is turned off in PHP 5.3.0 or above.

Magic_quotes_gpc sets whether to automatically escape certain characters in the data transmitted by GPC (GET, POST, COOKIE).
You can use get_magic_quotes_gpc() to detect its setting.
If this setting is not turned on, you can use the addslashes() function to add and escape the string

addslashes()‍ Add a backslash before the specified predefined character.
Predefined characters include single quotation mark ('), double quotation mark ("), backslash () and NUL (NULL character).
The above is the explanation given by W3SCHOOL.COM.CN. I always think it is not Very accurate
Because when magic_quotes_sybase=on, it converts single quotation marks (') into double quotation marks ("). When magic_quotes_sybase=off, it converts single quotation marks (') into (')
Stripslashes() function Its function is exactly the opposite of addslashes(). Its function is to remove the escaping effect.

mysql_escape_string() escapes special characters in strings used in SQL statements. ‍
The special ones here include (x00), (n), (r), (), ( '), ("), (x1a)

addcslashes()‍Use reverse in C language style Slash escapes characters in a string. This function is rarely used by people, but it should be noted that when you choose to escape the characters 0, a, b, f, n, r, t and v, they will is converted to
‍>> Use escaping HTML entities during user input or output to prevent XSS vulnerabilities!

Today I encountered a problem with special characters in files. I noticed this problem again. In php:

* PHP characters with single quotes as delimiters String, supports two escapes ' and \
* PHP string with double quotes as delimiter, supports the following escapes:
n Line feed (LF or ASCII character 0x0A (10))
r Carriage return (CR or ASCII character 0x0D (13))
t Horizontal tab (HT or ASCII character 0x09 (9))
\ Backslash
$ Dollar sign
" Double quote
[0-7]{1,3} This regular expression sequence matches a character represented in octal notation
x[0-9A-Fa-f]{1,2} This regular expression sequence matches a Characters represented in hexadecimal notation

To give a few examples:

A containing



http://www.bkjia.com/PHPjc/318181.html

www.bkjia.com

true

http: //www.bkjia.com/PHPjc/318181.html

TechArticle

There are incorrect or unclear things in the article. Please point it out~~~ and PHP strings The configuration and functions related to escaping are as follows: 1.magic_quotes_runtime 2.magic_quotes_gpc...





Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn