Why can this automatically filter HTML tags?
Any content entered within angle brackets will be filtered out. Why is this? For example,
<code>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form method="post">
<input type="text" name="name" id="txt1">
<button type="submit" id="btn1">提交</button>
</form>
</body>
</html>
<?php echo $_POST['name']; ?>
</code>
htmlspecialchars converts HTML characters into entity characters, such as ">" into "&gt;", which can prevent SQL injection.
htmlspecialchars is used to convert HTML characters into entity characters to prevent SQL injection. Remember one sentence: never believe that the data provided by the front end is safe! Whatever should be filtered on the back end must be filtered.
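
The page in the question echoes `$_POST['name']` straight into the HTML response, so the browser parses anything in angle brackets as markup instead of displaying it. The same form with the value escaped on output follows as an added example, not code from the thread; the helper names `e`, `postedName` and `renderPage` and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape a value for an HTML text node or a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Read the field defensively: it is absent on the first GET request and is an
// array if the client sends name[]=..., so accept only a string.
function postedName(array $post): string
{
    $name = $post['name'] ?? '';
    return is_string($name) ? $name : '';
}

// The form from the question, with the submitted value escaped on output.
function renderPage(string $name): string
{
    $safe = e($name);
    return <<<HTML
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title></title></head>
<body>
<form method="post">
  <input type="text" name="name" id="txt1" value="{$safe}">
  <button type="submit" id="btn1">Submit</button>
</form>
<p>{$safe}</p>
</body>
</html>
HTML;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions, used when run from the command line.
    foreach (['plain text', '<b>bold</b>', 'a < b & "c"', ['x']] as $value) {
        $name = postedName(['name' => $value]);
        printf("unescaped: <p>%s</p>\nescaped:   <p>%s</p>\n\n", $name, e($name));
    }
} else {
    echo renderPage(postedName($_POST));
}
```

`htmlspecialchars` encodes for HTML output only; values that go into SQL statements are handled separately, with parameterized queries.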