What should you pay attention to when putting data into the database and taking it out to display on the page
When entering the database
$str=addslashes($str);
$ sql="insert into `tab` (`content`) values('$str')";
When leaving the warehouse
$str=stripslashes($str );
When displayed
$str=htmlspecialchars(nl2br($str));
//-- Title, name and other fields are processed into the database (remove leading and trailing spaces)
functiontrans_string_trim($str){
$str=trim($str);
$str=eregi_replace("'"," ''",$str);
$str=stripslashes($str);
return$str;
}
//--Article storage processing, that is, textarea field;
functiontrans_string($str){
$str=eregi_replace("'","''",$str);
$str=stripslashes($str);
return$ str;
}
//--Displayed in the form from the library; converted with trans in text, in textarea, no conversion required, displayed directly
//--Displayed in WEB Page, filter HTML code; including link address
functiontrans($string){
$string=htmlspecialchars($string);
$string=ereg_replace(chr(10),"
return$string;
}
//--displayed in WEB pages, HTML codes are not filtered;
functiontrans_web($string){
$string=ereg_replace(chr(10),"
",$string);
$string= ereg_replace(chr(32),"",$string);
return$string;
}
//--Displayed on the WEB page, filtering HTML code and leading and trailing spaces, mainly used To display user nickname
functiontrans_trim($string){
$string=trim($string);
$string=htmlspecialchars($string);
$string=ereg_replace(chr( 10),"
",$string);
$string=ereg_replace(chr(32),"",$string);
return$string;
}
//--Displayed in span;
functiontrans_span($string){
$string=ereg_replace(chr(10),"n",$string);
$string=ereg_replace (chr(32),"",$string);
$string=ereg_replace('"',""",$string);
return$string;
}
//--Display cookies on WEB, filter html
functiontrans_cookie($str){
$str=trans($str);
$str=stripslashes($str);
$str=eregi_replace("''","'",$str);
return$str;
}
?>
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
