php escape string special characters

What method can php use to escape all special characters in a string?
Similar to mysql_real_escape_string, but this one is outdated and is not used on the database.

Reply content:

How can PHP escape all special characters in a string?
Similar to mysql_real_escape_string, but this one is outdated and is not used on the database.

htmlspecialchars

The mysql extension is abandoned after PHP5.5, you can switch to mysqli or pdo_mysql

So the mysql_real_escape_string function you mentioned, if you use mysqli, you can use mysqli_real_escape_string instead

However, it is recommended to use pdo_mysql and use prepared statements to improve security

http://php.net/manual/zh/ref....

htmlspecialcharsSingle and double quotes, greater than and less than signs, etc. are converted into HTML format;htmlentitiesAll characters are converted into HTML format;addslashesSingle and double quotes, backslashes and NULL plus backslash escape;

• As other netizens said, if you use pdo, you don’t need to consider issues such as injection in database operations. pdo’s built-in preprocessing can effectively prevent sql injection and the processing of special characters.

• If you don’t use pdo, then you have to do the filtering process yourself. Here is a method I recommend, for reference only

<code>function isEscape($val, $isboor = false) {
    if (! get_magic_quotes_gpc ()) {
        $val = addslashes ( $val );
    }
    if ($isboor) {
        $val = strtr ( $val, array (
                "%" => "\%",
                "_" => "\_" 
        ) );
    }
    return $val;
}</code>