The htmlspecialchars() function converts predefined characters to HTML entities.
<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>
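The predefined characters are:
& (ampersand) becomes &amp;
" (double quote) becomes &quot;
' (single quote) becomes &#039;
< (less than) becomes &lt;
> (greater than) becomes &gt;
Example: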
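<?php
// Only proceed when an id is supplied; the int cast makes it safe to place in the SQL and the redirect URL.
if (isset($_GET['id']) && $_GET['id'] != null) {
    $_id = (int) $_GET['id'];
    $_sql = "SELECT * FROM o_code WHERE o_id = $_id LIMIT 1";
    $_result = _fetch_array($_sql);
    if (isset($_GET['action']) && $_GET['action'] == 'code') {
        $_english = trim($_POST['english']);
        $_sym = trim($_POST['symbol']);
        // ENT_QUOTES converts single quotes as well as double quotes.
        $_symbol = htmlspecialchars($_sym, ENT_QUOTES);
        $_info = trim($_POST['info']);
        $_type = trim($_POST['type']);
        // $_english, $_info and $_type reach the query unescaped. htmlspecialchars() is HTML
        // encoding, not SQL escaping, so these values need escaping or bound parameters in the database layer.
        $_sql = "UPDATE o_code SET o_english = '$_english', o_symbol = '$_symbol', o_info = '$_info', o_type = '$_type' WHERE o_id = $_id";
        _query($_sql);
        _close();
        echo "<script type='text/javascript'>alert('修改成功');location.href='code.of.update.php?id=$_id';</script>";
        exit();
    }
}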
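The case above encodes o_symbol before writing it to the database. A different layout, as an added example that is not the original author's code: bind the raw value as a query parameter and call htmlspecialchars() only when writing HTML. PDO with an in-memory SQLite database stands in for the page's _query()/_fetch_array() helpers, and update_symbol() and render_symbol() are hypothetical names.

```php
<?php
// Added example: PDO + in-memory SQLite are assumptions standing in for the page's own DB helpers.
declare(strict_types=1);

// Store the raw value through a bound parameter; no HTML encoding at write time.
function update_symbol(PDO $db, int $id, string $symbol): void
{
    $stmt = $db->prepare('UPDATE o_code SET o_symbol = :symbol WHERE o_id = :id');
    $stmt->execute([':symbol' => trim($symbol), ':id' => $id]);
}

// Encode at output time, for the HTML context the value is written into.
function render_symbol(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT o_symbol FROM o_code WHERE o_id = :id LIMIT 1');
    $stmt->execute([':id' => $id]);
    $raw = (string) $stmt->fetchColumn();
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // ENT_QUOTES matters here because the attribute below is single-quoted.
    return "<input type='text' name='symbol' value='" . $safe . "'>";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE o_code (o_id INTEGER PRIMARY KEY, o_symbol TEXT)');
$db->exec("INSERT INTO o_code (o_id, o_symbol) VALUES (1, '')");

// Constructed sample input containing all five predefined characters.
$input = "<b>O'Reilly</b> & \"Co\"";
update_symbol($db, 1, $input);

// The database holds the text exactly as submitted.
$stored = $db->query('SELECT o_symbol FROM o_code WHERE o_id = 1')->fetchColumn();
var_dump($stored === $input);
// Entities appear only in the generated HTML.
echo render_symbol($db, 1), PHP_EOL;

// ENT_COMPAT (the default before PHP 8.1) leaves the single quote unconverted.
echo htmlspecialchars($input, ENT_COMPAT, 'UTF-8'), PHP_EOL;
// Encoding an already-encoded value again double-encodes it: the & of each entity is converted too.
echo htmlspecialchars(htmlspecialchars($input, ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8'), PHP_EOL;
```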
Reference: http://www.w3school.com.cn/php/func_string_htmlspecialchars.asp