In order to filter HTML and JS code, should htmlspecialchars() be called before writing to the database or when reading from the database? Or what?
我想大声告诉你 2017-05-27 17:45:23
When preventing XSS attacks, it is generally recommended to use the htmlspecialchars function, because although strip_tags can delete HTML tags, it will not delete " or '. Therefore, even if you use strip_tags, you still need to use the htmlspecialchars function to filter out " or '.
In form submission or user message board, if you want the original data output to be sent to the browser, please use the htmlspecialchars function instead of the strip_tags function.
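The difference described above, as an added example that is not part of the original answer. The sample input, the field name `nick` and the helper names `e()` and `render_field()` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input: one HTML tag followed by quote characters.
$input = '<b>Tom</b>" data-injected="1';

// strip_tags() removes the <b> element but leaves " and ' in place.
$stripped = strip_tags($input);

// Hypothetical helper: encode & < > " and ' for HTML output.
// ENT_QUOTES is what makes single quotes get encoded as well.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: place an already-prepared value inside a
// double-quoted attribute, the context where a stray " matters.
function render_field(string $prepared): string
{
    return '<input type="text" name="nick" value="' . $prepared . '">';
}

// Count how many attributes the browser would see in the rendered tag.
function attribute_count(string $html): int
{
    $doc = new DOMDocument();
    // Suppress parser warnings; we only inspect the resulting node.
    @$doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $node = $doc->getElementsByTagName('input')->item(0);
    return $node === null ? 0 : $node->attributes->length;
}

$unsafe = render_field($stripped);   // quotes survive strip_tags()
$safe   = render_field(e($input));   // quotes and tags are encoded

// The template defines three attributes (type, name, value). A higher
// count means the value broke out of its quotes and added its own.
foreach (['strip_tags only' => $unsafe, 'htmlspecialchars' => $safe] as $label => $html) {
    printf("%-18s attributes=%d  %s\n", $label, attribute_count($html), $html);
}

// Message-board case: the encoded form still displays what the user
// typed, whereas strip_tags() silently discards part of it.
echo e('I typed <b>bold</b> & "quotes"'), "\n";
echo strip_tags('I typed <b>bold</b> & "quotes"'), "\n";
```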
曾经蜡笔没有小新 2017-05-27 17:45:23
Basically, it is called when writing to the database, which is the key point of entry.