http://www.php.net/manual/en/function.htmlspecialchars.php
Used to escape the special characters that carry meaning in HTML, converting them into entity codes,
so the browser renders them as plain text instead of interpreting them as HTML code.
string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT [, string $charset [, bool $double_encode = true ]]] )
The translations performed are:
- '&' (ampersand) becomes '&amp;'
- '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
- "'" (single quote) becomes '&#039;' only when ENT_QUOTES is set.
- '<' (less than) becomes '&lt;'
- '>' (greater than) becomes '&gt;'
To escape single quotes as well, pass ENT_QUOTES as the second parameter.
Example:
<?php
// With ENT_QUOTES, the single quotes around the href value are encoded too
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
?>
But in my own test, when ENT_QUOTES is set, double quotes are escaped as well:
<?php
// ENT_QUOTES encodes both double and single quotes (the \' below is a PHP string escape)
$new = htmlspecialchars('<a href="test">\'Test\'</a>', ENT_QUOTES);
echo $new; // &lt;a href=&quot;test&quot;&gt;&#039;Test&#039;&lt;/a&gt;
?>
Conclusion: always passing ENT_QUOTES is the safer choice.
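Added example (not from the original post) showing why the conclusion matters: the same constructed value is placed inside a single-quoted attribute once with ENT_COMPAT and once with ENT_QUOTES, followed by a small wrapper (the helper name e() and the sample value are assumptions) that applies the safer flags and an explicit charset on every output.

```php
<?php
// Added example, not from the original post. Demonstrates the ENT_COMPAT vs
// ENT_QUOTES difference inside a single-quoted attribute, plus a wrapper that
// applies the safer settings consistently.

// Constructed sample input: a value that would close a single-quoted attribute.
$untrusted = "x' data-injected='1";

// ENT_COMPAT (the default before PHP 8.1) leaves single quotes untouched,
// so the value escapes the attribute and adds its own attribute to the tag.
$compat = htmlspecialchars($untrusted, ENT_COMPAT, 'UTF-8');
echo "<a title='" . $compat . "'>compat</a>\n";
// -> <a title='x' data-injected='1'>compat</a>

// ENT_QUOTES encodes single quotes as &#039;, so the value stays inside the
// attribute and the browser sees only a title, nothing more.
$quotes = htmlspecialchars($untrusted, ENT_QUOTES, 'UTF-8');
echo "<a title='" . $quotes . "'>quotes</a>\n";
// -> <a title='x&#039; data-injected=&#039;1'>quotes</a>

/**
 * Assumed helper name. Use it for every value echoed into HTML:
 * - ENT_QUOTES      encodes both quote styles (safe in any attribute quoting)
 * - ENT_SUBSTITUTE  replaces invalid UTF-8 with U+FFFD instead of returning ""
 * - ENT_HTML5       encodes the single quote as &apos;
 * - explicit 'UTF-8' avoids depending on the PHP version's default charset
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Element text and a double-quoted attribute, both passed through the wrapper.
echo '<a title="' . e($untrusted) . '">' . e($untrusted) . "</a>\n";
// -> <a title="x&apos; data-injected=&apos;1">x&apos; data-injected=&apos;1</a>
```

htmlspecialchars() is only correct for HTML element text and quoted attribute values; a value placed in a URL, a JavaScript string or a CSS property needs the encoder for that context instead.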