There is something incorrect or unclear in the article. Please point it out~~~
The configurations and functions related to PHP string escaping are as follows:
1.magic_quotes_runtime
2. magic_quotes_gpc
3.addslashes() and stripslashes()
4.mysql_escape_string()
5.addcslashes() and stripcslashes()
6.htmlentities() and html_entity_decode()
7. htmlspecialchars() and htmlspecialchars_decode()
When magic_quotes_runtime is turned on, most functions of PHP automatically add backslashes to overflow characters in data imported from outside (including databases or files).
You can use set_magic_quotes_runtime() and get_magic_quotes_runtime() to set and detect its status.
Note: These two functions have been deprecated in PHP 5.3.0 or above, which means that this option is turned off in PHP 5.3.0 or above.
Magic_quotes_gpc sets whether to automatically escape certain characters in the data transmitted by GPC (GET, POST, COOKIE).
You can use get_magic_quotes_gpc() to detect its setting.
If this setting is not turned on, you can use the addslashes() function to add and escape the string
addslashes() Add a backslash before the specified predefined character.
Predefined characters include single quotation mark ('), double quotation mark ("), backslash () and NUL (NULL character).
The above is the explanation given by W3SCHOOL.COM.CN. I always think it is not Very accurate
Because when magic_quotes_sybase=on, it converts single quotation marks (') into double quotation marks ("). When magic_quotes_sybase=off, it converts single quotation marks (') into (')
Stripslashes() function Its function is exactly the opposite of addslashes(). Its function is to remove the escaping effect.
mysql_escape_string() escapes special characters in strings used in SQL statements.
The special ones here include (x00), (n), (r), (), ( '), ("), (x1a)
addcslashes()Use reverse in C language style Slash escapes characters in a string. This function is rarely used by people, but it should be noted that when you choose to escape the characters 0, a, b, f, n, r, t and v, they will is converted to
>> Use escaping HTML entities during user input or output to prevent XSS vulnerabilities!
Today I encountered a problem with special characters in files. I noticed this problem again. In php:
* PHP characters with single quotes as delimiters String, supports two escapes ' and \
* PHP string with double quotes as delimiter, supports the following escapes:
n Line feed (LF or ASCII character 0x0A (10))
r Carriage return (CR or ASCII character 0x0D (13))
t Horizontal tab (HT or ASCII character 0x09 (9))
\ Backslash
$ Dollar sign
" Double quote
[0-7]{1,3} This regular expression sequence matches a character represented in octal notation
x[0-9A-Fa-f]{1,2} This regular expression sequence matches a Characters represented in hexadecimal notation
To give a few examples:
A containing
http://www.bkjia.com/PHPjc/318181.html
www.bkjia.com
true
http: //www.bkjia.com/PHPjc/318181.html
TechArticle
There are incorrect or unclear things in the article. Please point it out~~~ and PHP strings The configuration and functions related to escaping are as follows: 1.magic_quotes_runtime 2.magic_quotes_gpc...
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
