How do everyone write PHP programs to process the HTML code entered by the user?
PHPz
PHPz 2017-05-27 17:43:23
0
2
908

In order to filter HTML and JS code, should htmlspecialchars() be called before writing the library or when reading the library? Or what?

PHPz
PHPz

学习是最好的投资!

reply all(2)
我想大声告诉你

When preventing XSS attacks, it is generally recommended to use the htmlspecialchars function, because although strip_tags can delete HTML tags, it will not delete " or '. Therefore, even if you use strip_tags, you still need to use the htmlspecialchars function to filter out " or '

In form submission or user message board, if you want the original data output to be sent to the browser, please use the htmlspecialchars function instead of the strip_tags function.

曾经蜡笔没有小新

Basically, it is called when the inventory is in stock, which is the key to entry.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template