In development, it is often necessary to filter the data users submit in order to block malicious input. In PHP, the htmlspecialchars(), htmlentities() and strip_tags() functions are commonly used for this.
Today, while using htmlspecialchars() to convert special characters, it kept returning null, and when I replaced it with htmlentities() the problem was the same. After checking the official manual I realized it was an encoding problem.
Function declaration:
The main problem lies in the third argument. The official manual says this about it:
This parameter sets the character set used for the conversion. PHP 5.4 and 5.5 use UTF-8 as the default encoding; versions before PHP 5.4 use ISO-8859-1 as the default encoding; from PHP 5.6 onward, the default_charset configuration option is used as the default encoding.
Character sets supported by the encoding parameter:
The PHP changelog also shows how this parameter has changed:
Generally, we use it like this:
$string = '<a href="test.html">test page</a><script>alert(213)</script>';
echo htmlspecialchars($string); // no encoding argument, so the version's default encoding applies
Today, when I used it this way, the result was always null. It is in fact an encoding problem, and in this case you need to pass the third argument:
echo htmlspecialchars($string, ENT_COMPAT, 'ISO-8859-1', true);
The same also applies to htmlentities:
echo htmlentities($string, ENT_COMPAT, 'ISO-8859-1', true);
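The encoding mismatch described above can be reproduced and handled as follows. This is an added example, not code from the original post, and it goes slightly beyond it by showing ENT_SUBSTITUTE and a convert-then-escape helper. The sample string is constructed, the helper name escape_html() is hypothetical, and the mbstring extension is assumed to be loaded.

```php
<?php
// Constructed input: "café" stored as ISO-8859-1. The lone byte 0xE9 followed
// by "<" is not a valid UTF-8 sequence.
$latin1 = "<a href=\"test.html\">caf\xE9</a><script>alert(213)</script>";

// 1. Declared encoding (UTF-8) does not match the bytes (ISO-8859-1): the whole
//    input is rejected and an empty string comes back, which is the symptom
//    described in the post.
$mismatch = htmlspecialchars($latin1, ENT_COMPAT, 'UTF-8', true);
var_dump($mismatch === '');

// 2. Declared encoding matches the bytes: the markup is escaped.
$matched = htmlspecialchars($latin1, ENT_COMPAT, 'ISO-8859-1', true);
var_dump(strpos($matched, '&lt;script&gt;') !== false);

// 3. ENT_SUBSTITUTE (PHP 5.4+) keeps UTF-8 as the declared encoding and swaps
//    each invalid sequence for U+FFFD instead of discarding the whole string.
$substituted = htmlspecialchars($latin1, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8', true);
var_dump($substituted !== '');

// Hypothetical helper: verify the bytes really are in the encoding the caller
// claims, normalise them to UTF-8, then escape as UTF-8.
function escape_html($input, $sourceEncoding)
{
    if (!mb_check_encoding($input, $sourceEncoding)) {
        throw new InvalidArgumentException("input is not valid $sourceEncoding");
    }
    $utf8 = mb_convert_encoding($input, 'UTF-8', $sourceEncoding);
    // ENT_QUOTES also escapes single quotes, for single-quoted attributes.
    return htmlspecialchars($utf8, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', true);
}

// Escaped output that is valid UTF-8; the page must declare charset=UTF-8 too.
echo escape_html($latin1, 'ISO-8859-1'), "\n";

// Bytes that are not what the caller claims are refused before escaping.
try {
    escape_html($latin1, 'UTF-8');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Passing 'ISO-8859-1' for data that is really UTF-8 also stops the empty result, because every byte is valid in that charset, but htmlentities() will then turn each byte of a multi-byte character into its own entity. The encoding argument should name the encoding the data and the page actually use.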