What method can PHP use to escape all special characters in a string?
Similar to mysql_real_escape_string, but this one is outdated and is not used on the database.
htmlspecialchars
The mysql extension is abandoned after PHP 5.5; you can switch to mysqli or pdo_mysql.
So for the mysql_real_escape_string function you mentioned, if you use mysqli, you can use mysqli_real_escape_string instead.
However, it is recommended to use pdo_mysql and use prepared statements to improve security.
http://php.net/manual/zh/ref....
htmlspecialchars: Single and double quotes, greater than and less than signs, etc. are converted into HTML format;
htmlentities: All characters are converted into HTML format;
addslashes: Single and double quotes, backslashes and NULL are escaped with a backslash;
As other netizens said, if you use PDO, you don't need to consider issues such as injection in database operations. PDO's built-in preprocessing can effectively prevent SQL injection and the processing of special characters.
If you don't use PDO, then you have to do the filtering process yourself. Here is a method I recommend, for reference only:
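<code>// Escape a value for a hand-built SQL string; pass $isboor = true for LIKE patterns.
function isEscape($val, $isboor = false) {
    // get_magic_quotes_gpc() was removed in PHP 8.0, so call it only where it exists.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        $val = addslashes($val);
    }
    if ($isboor) {
        // Also escape the LIKE wildcards % and _.
        $val = strtr($val, array("%" => "\%", "_" => "\_"));
    }
    return $val;
}</code>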
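The prepared-statement approach recommended in the answers, as an added example that is not part of any answer above: the value is bound instead of escaped, LIKE wildcards are neutralised separately, and htmlspecialchars is applied only at HTML output. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for MySQL so the script runs offline, the `notes` table and its rows are constructed, and `likeLiteral`, `searchNotes` and `h` are hypothetical helper names.

```php
<?php
// Added example with constructed data; in-memory SQLite stands in for MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample rows containing quotes, wildcards and markup.
$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$samples = ["O'Reilly's 100% guide", 'file_name.txt', '<b>bold</b> & "quoted"', '100 percent'];
foreach ($samples as $body) {
    $insert->execute([':body' => $body]); // bound value: quotes need no manual escaping
}

// Hypothetical helper: make % and _ match literally inside a LIKE pattern.
// The escape character itself is doubled first so it cannot be smuggled in.
function likeLiteral(string $term, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

// Hypothetical helper: substring search with the pattern bound, never concatenated.
function searchNotes(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare("SELECT body FROM notes WHERE body LIKE :pat ESCAPE '!'");
    $stmt->execute([':pat' => '%' . likeLiteral($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: escape for an HTML text or attribute context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed search terms: wildcards, a quote-laden string and markup.
foreach (['100%', '_', "' OR '1'='1", '<b>'] as $term) {
    $rows = searchNotes($pdo, $term);
    printf("%-14s => %d row(s)\n", $term, count($rows));
    foreach ($rows as $row) {
        echo '    <li>', h($row), "</li>\n";
    }
}
```

Each kind of escaping is applied where the data crosses into a new context: binding at the query, wildcard escaping for the LIKE pattern, and HTML escaping at output, so stored values stay unmodified.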