Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > body text

php web request security processing

不言
Release: 2023-04-02 14:56:02
Original
1777 people have browsed it

1. The difference between urlencode and rawurlencode

<?php 
test(&#39;https://tieba.baidu.com/f?kw=2&fr=wwwt&#39;);
test(&#39;:/?= &#&#39;);
test(&#39;测试&#39;);
function test($s)
{
    echo "<b>urlencode(&#39;$s&#39;)</b> = [<b>";
    var_dump(urlencode($s));
    echo "</b>]<br/>";
    echo "<b>rawurlencode(&#39;$s&#39;)</b> = [<b>";
    var_dump(rawurlencode($s));
    echo "</b>]<br/>";
}

//运行结果
urlencode(&#39;https://tieba.baidu.com/f?kw=2&fr=wwwt&#39;) = [
D:\software\wamp\www\linux\webApi\test.php:9:string &#39;https%3A%2F%2Ftieba.baidu.com%2Ff%3Fkw%3D2%26fr%3Dwwwt&#39; (length=54)
]
rawurlencode(&#39;https://tieba.baidu.com/f?kw=2&fr=wwwt&#39;) = [
D:\software\wamp\www\linux\webApi\test.php:12:string &#39;https%3A%2F%2Ftieba.baidu.com%2Ff%3Fkw%3D2%26fr%3Dwwwt&#39; (length=54)
]
urlencode(&#39;:/?= &#&#39;) = [
D:\software\wamp\www\linux\webApi\test.php:9:string &#39;%3A%2F%3F%3D+%26%23&#39; (length=19)
]
rawurlencode(&#39;:/?= &#&#39;) = [
D:\software\wamp\www\linux\webApi\test.php:12:string &#39;%3A%2F%3F%3D%20%26%23&#39; (length=21)
]
urlencode(&#39;测试&#39;) = [
D:\software\wamp\www\linux\webApi\test.php:9:string &#39;%E6%B5%8B%E8%AF%95&#39; (length=18)
]
rawurlencode(&#39;测试&#39;) = [
D:\software\wamp\www\linux\webApi\test.php:12:string &#39;%E6%B5%8B%E8%AF%95&#39; (length=18)
]
Copy after login

As can be seen from the above execution results, the results of the two methods urlencode and rawurlencode are the same when processing letters, numbers, special symbols, and Chinese. , the only difference is the processing of spaces, urlencode is processed as " ", rawurlencode is processed as " "

2. Function strip_tags: remove HTML and PHP tags

Note: This function can remove any HTML and PHP tag strings contained in the string. If the HTML and PHP tags of the string are originally wrong, for example, the greater than symbol is missing, an error will also be returned. This function has the same function as fgetss(). fgetss reads the file from the file and removes the html and php tags. 

<?php

echo strip_tags("Hello <b>world!</b>");
Copy after login

Run results

Hello world!
Copy after login

3. Function htmlspecialchars, convert special characters into HTML format

htmlspecialchars() function converts predefined characters Convert to HTML entities.
The predefined characters are:
& (ampersand) becomes &
" (double quotation mark) becomes "
' (single quotation mark) becomes '
< (less than) becomes <
> (greater than) becomes>

##

<?php
echo htmlspecialchars("This is some <b>bold</b> text.&");
Copy after login

Run result

This is some <b>bold</b> text.&
Copy after login

4. The function htmlentities converts all characters into HTML strings


Maybe you are still regretting that htmlspecialchars can only handle 4 html tags, so don’t regret it now. htmlentities is to convert all characters. 

<?php

echo htmlentities("<? W3S?h????>");
Copy after login

Running results

<? W3S?h????>
Copy after login

5. addslashes, the function returns a string with a backslash added before the predefined characters.

The predefined characters are:

Single quotation mark (')
Double quotation mark (")
Backslash (\)
NULL

<?php

echo addslashes(&#39;Shanghai is the "biggest" city in China.&#39;);
Copy after login

Running result

Shanghai is the \"biggest\" city in China.
Copy after login

6. Stripslashes is the string referenced by restoring addslashes. 

<?php

echo stripslashes("Who\&#39;s Bill Gates?");
Copy after login

Running results

Who&#39;s Bill Gates?
Copy after login
The above is the entire content of this article. I hope it will be helpful to everyone's learning. More For more related content, please pay attention to the PHP Chinese website!

Related recommendations:

How to use php cocket

PHP source code php -beast encryption

PHP implementation of sending emails using QQ mailbox

The above is the detailed content of php web request security processing. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
php
source:php.cn
Previous article:How to use php cocket Next article:Scope in PHP
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
PHP arrays obtained from URL parameters do not behave as expected I have a URL parameter that contains the category ID and I want to treat it as an array li...
From 2024-04-06 22:09:02
0
1
1428
Where should I place CustomLog directive in apache I'm using php:7.2-apachedocker. I need to disable health check url login access log. Based...
From 2024-04-06 22:03:59
0
1
990
What is the format of the variables in the return value? I am a new learner of php. I found a piece of code: if($x<time()){return[false,'error']...
From 2024-04-06 21:55:20
0
1
778
Problems encountered when using opentbs to generate odt files: values ​​of the same key are displayed in the same row instead of separate columns. I'm using a library called OpenTbs to create odt using PHP, I'm using it because columns a...
From 2024-04-06 20:18:18
0
1
483
Group MySQL results by ID for looping over I have a table with flight data in mysql. I'm writing a php code that will group and displ...
From 2024-04-06 17:27:56
0
1
406
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template