Why can this automatically filter HTML tags?

WBOY
2016-08-18 09:16:11

Any content entered within angle brackets will be filtered out. Why is this? For example, will be filtered. Why is it automatically filtered? Is there no need to filter in the background? What is the role of htmlspecialchars? I tried it and used this function to print out HTML tags.

<code><!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
<form method="post">
    <input type="text" name="name" id="txt1">
    <button type="submit" id="btn1">提交</button>
</form>
</body>
</html>
<?php
echo $_POST['name'];
?></code>

Reply content:

htmlspecialchars converts HTML characters into entity characters, such as ">" into "&amp;gt;", which can prevent SQL injection.

htmlspecialchars is used to convert HTML characters into entity characters to prevent SQL injection. Remember one sentence: never believe that the data provided by the front end is safe! What should be filtered in the background must be filtered.
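
Added example (not part of the original thread or of either reply): the form's `echo $_POST['name']` sends the submitted text to the browser as markup, so the browser parses anything in angle brackets as a tag instead of displaying it, while encoding on output makes the same text display literally. The helper names `posted_string` and `h` and the sample requests are constructed for illustration; run it with the PHP CLI.

```php
<?php
declare(strict_types=1);

// Read one form field as a string. A missing key, or an array sent as
// name[]=..., yields '' instead of a notice or a TypeError.
function posted_string(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Encode a value for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed requests standing in for $_POST.
$requests = [
    ['name' => 'plain text'],
    ['name' => '<b>bold</b>'],
    ['name' => 'Tom "the cat" O\'Neil & co'],
    ['name' => ['sent', 'as', 'array']],
    [],
];

foreach ($requests as $post) {
    $name    = posted_string($post, 'name');
    $encoded = h($name);

    // A browser displays the decoded form of the encoded bytes, which
    // must equal the original input character for character.
    $shown = html_entity_decode($encoded, ENT_QUOTES, 'UTF-8');

    printf("input   : %s\n", $name);
    printf("encoded : %s\n", $encoded);
    printf("intact  : %s\n\n", $shown === $name ? 'yes' : 'no');
}
```

`htmlspecialchars` encodes for HTML output only; values that go into a SQL query are handled separately, with prepared statements.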
