Example code for removing slashes when submitting a php form

The reason why the php program adds backslashes is to escape special characters. We know that there are some special characters, such as backslash box "/", single quote "'", double quote Slash "//", semicolon ";" and other special symbols, if not escaped, cannot be directly entered into the database, and will directly generate errors, such as inserting double slashes in a direct SQL insert statement. , and the double slash, when not escaped, is the comment symbol of PHP. It is put directly into SQL. Before it is inserted, the following statements have been commented out. Is it possible to prevent an error? If we want to operate special characters ourselves, it will not cause too big a problem. If someone maliciously inserts into the database, then it is not just a matter of escaping, but the database will be directly attacked. Therefore, before inserting data into the library, we must verify the data and escape special characters, that is, verify its identity

This article The article mainly introduces the method of removing slashes when submitting forms in PHP, and involves PHP's related skills in filtering elements for page form submissions. Friends in need can refer to , the details are as follows:

<html>
  <head>
    <title>HTML 表单</title>
  </head>
  <body>
    <form action="" method="POST">
      请输入一个字符串：
      <input type="text" size="30" name="str" value="">
      <input type="submit" name="submit" value="提交"><br/>
    </form>
    <?php
      if(isset($_POST[&#39;submit&#39;])) {
        //this a "test"，5.3.8不自动加斜杠，我测试时是这样的
        echo "原型输出：".$_POST[&#39;str&#39;]."<br/>";
        echo "转换实例：".htmlspecialchars($_POST[&#39;str&#39;])."<br/>";
        echo "删除斜线：".stripslashes($_POST[&#39;str&#39;])."<br/>";
        echo "删除斜线和转换实体:".html2Text($_POST[&#39;str&#39;])."<br/>";
      }
      function html2Text($input) {
        return htmlspecialchars(stripslashes($input));
      }
    ?>
    <?php
      $str = "<font color=&#39;red&#39; size=7>Linux</font><i>Apache</i><u>MySQL</u><b>PHP</b>";
      echo strip_tags($str);//删除全部HTML标签
      echo "<br/>";
      echo strip_tags($str,"<font>");//第二个参数，保留的标签
      echo "<br/>";
      echo strip_tags($str,"<b><u><i>");
    ?>
  </body>
</html>

The above is the detailed content of Example code for removing slashes when submitting a php form. For more information, please follow other related articles on the PHP Chinese website!