String formatting related to HTML tags
string nl2br ( string $string )
nl2br() replaces \n with <br>. Note that JavaScript treats \n as a line break, but does not treat <br> as one.
htmlspecialchars() converts some predefined characters into HTML entities.
string htmlspecialchars(string,quotestyle,[character-set])
It converts the following characters to their corresponding entities:
& (ampersand) becomes &amp;
" (double quote) becomes &quot;
' (single quote) becomes &#039;
< (less than) becomes &lt;
> (greater than) becomes &gt;
The second parameter:
ENT_COMPAT converts only double quotes and leaves single quotes alone; it is the default value (compat: compatibility).
ENT_QUOTES converts both kinds of quotes (quotes: quotation marks).
ENT_NOQUOTES does not convert quotation marks.
<html>
<body>
<?php
$str = "John & \" 'Adams'";
echo htmlspecialchars($str, ENT_COMPAT);
echo "<br />";
echo htmlspecialchars($str, ENT_QUOTES);
echo "<br />";
echo htmlspecialchars($str, ENT_NOQUOTES);
?>
</body>
</html>
Output (as rendered in the browser; the three lines differ only in the page source):
John & " 'Adams'
John & " 'Adams'
John & " 'Adams'
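To make the difference between the three flags visible, the following added example (not from the original page) prints the escaped source for each flag and parses it back from a double-quoted and a single-quoted attribute with DOMDocument. The sample value and the parsedValue() helper are constructed for illustration. It requires PHP's DOM extension, and it passes the flags and charset explicitly so the result does not depend on the defaults.

```php
<?php
// Added example, not from the original page. $value is a constructed sample
// containing all five characters that htmlspecialchars() can convert.
$value = "Tom \"T\" O'Brien <b>&</b> co";

$flags = [
    'ENT_COMPAT'   => ENT_COMPAT,
    'ENT_QUOTES'   => ENT_QUOTES,
    'ENT_NOQUOTES' => ENT_NOQUOTES,
];

// Hypothetical helper: return the value attribute of the first <input>
// as an HTML parser sees it, or null if no such element was parsed.
function parsedValue(string $html): ?string
{
    libxml_use_internal_errors(true);   // broken markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : null;
}

foreach ($flags as $name => $flag) {
    // Pass flags and charset explicitly instead of relying on defaults.
    $escaped = htmlspecialchars($value, $flag, 'UTF-8');
    echo "$name\n  source: $escaped\n";
    foreach (['"', "'"] as $quote) {
        $seen = parsedValue("<input value={$quote}{$escaped}{$quote}>");
        // The attribute is safe only if the parser recovers the exact input.
        $state = ($seen === $value) ? 'intact' : 'BROKEN: ' . var_export($seen, true);
        echo "  value={$quote}...{$quote} -> $state\n";
    }
}
```

Only the ENT_QUOTES output survives in both quoting styles. The ENT_COMPAT output survives only inside a double-quoted attribute, and the ENT_NOQUOTES output is cut short in both.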
htmlentities() converts all non-ASCII characters into their corresponding entity codes; apart from letters, digits and \, Chinese characters and the other characters on the keyboard are converted.
<?php
$str = "A 'quote' \" is <b>bold</b>" ;
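echo htmlentities ( $str ); // page source after output (default ENT_COMPAT): A 'quote' &quot; is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities ( $str , ENT_QUOTES ); // page source after output: A &#039;quote&#039; &quot; is &lt;b&gt;bold&lt;/b&gt;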
?>
Returned result: A 'quote' "is <b>bold</b>
A 'quote' "is <b>bold</b>
Note: htmlspecialchars() and htmlentities() serve to output HTML script directly, as text.
Neither htmlspecialchars() nor htmlentities() converts the backslash "\" to an entity code; it is output as is, whether or not it is acting as an escape character.
The difference between htmlentities and htmlspecialchars in PHP
Both functions convert characters to HTML character entities, specifically in URLs and code strings, to prevent markup in the text from being executed by the browser.
There is no difference when using Chinese, but htmlentities will format Chinese characters so that Chinese input is garbled.
htmlentities converts all HTML markup, whereas htmlspecialchars only converts the special symbols & ' " < and >.
addslashes() adds a backslash before the specified predefined character.
These predefined characters are: the single quotation mark ('), the double quotation mark ("), the backslash (\) and the NULL character (\x00).
Tip: This function can be used to prepare strings for storage in a database, as well as for database query statements.
Note: By default, the PHP directive magic_quotes_gpc is on and automatically runs addslashes() on all GET, POST, and COOKIE data.
Don't use addslashes() on strings that have already been escaped by magic_quotes_gpc, as this results in double escaping.
In this situation you can use the function get_magic_quotes_gpc() to check. (For example: $c=(!get_magic_quotes_gpc())?addslashes($c):$c;)
In this example, we add a backslash before the predefined characters in the string:
<?php
$str = "Who's John Adams?";
echo $str . " This is not safe in a database query.<br />";
echo addslashes($str) . " This is safe in a database query.";
?>
Output:
Who's John Adams? This is not safe in a database query.
Who\'s John Adams? This is safe in a database query.
<?php
header("Content-type:text/html; charset=utf-8");
$str = "wo are \x0a studying \x00 php";
echo $str;
echo "<br>";
echo addslashes($str);
?>
Output:
wo are studying php
wo are studying \0 php
stripslashes() removes backslashes ("\")
In submitted form data, characters such as ' " \ are automatically preceded by a \. This is the effect of the magic_quotes_gpc option in the configuration file php.ini,
which is enabled by default. If this is not handled, then when the data is saved to the database, the database may mistake it for a control symbol and cause an error.
Usually htmlspecialchars() and stripslashes() are combined to process the data submitted in a form: htmlspecialchars(stripslashes())
strip_tags()
string strip_tags ( string $str [, string $allowable_tags ] )
Strip HTML, XML, and PHP tags.
<?php
echo strip_tags("Hello <b><i>world!</i></b>","<b>");
?>
Output: Hello world!
Example:
<?php
$str = "<b>webserver;</b> & \ 'Linux' & Apache";
echo "$str"; // output directly
echo "<br/>";
echo htmlspecialchars($str,ENT_COMPAT); // convert only double quotes; this is the default parameter
echo "<br />";
echo htmlspecialchars($str,ENT_NOQUOTES); // do not convert quotes
echo "<br />";
echo htmlspecialchars($str,ENT_QUOTES); // convert both single and double quotes
echo "<br />";
echo htmlentities($str); // convert all non-ASCII characters to their corresponding entity codes
echo "<br />";
echo addslashes($str); // add a backslash before the " ' \ characters
echo "<br />";
echo stripslashes($str); // remove backslashes
echo "<br />";
echo strip_tags($str); // remove HTML tags
?>
Output:
webserver; & \ 'Linux' & Apache
<b>webserver;</b> & \ 'Linux' & Apache
<b>webserver;</b> & \ 'Linux' & Apache
<b>webserver;</b> & \ 'Linux' & Apache
<b>webserver;</b> & \ 'Linux' & Apache
webserver; & \\ \'Linux\' & Apache
webserver; & 'Linux' & Apache
webserver; & \ 'Linux' & Apache