1 The difference
The only difference between htmlspecialchars() and htmlentities() is whether characters that the given charset does not "recognize" are escaped.
For example, to the Western-European encoding ISO-8859-1, Chinese characters are such "unrecognized" characters.
2 Examples that show the difference
2.1 Escaping characters the charset does not recognize: different
```php
<?php
$str = '中文字符';
echo " \n htmlentities会转义:—— \n";
echo htmlentities($str, ENT_QUOTES, 'ISO-8859-1'); // ISO-8859-1 (ISO8859-1): Western European, Latin-1
echo " \n htmlspecialchars不会转义,原样输出:—— \n";
echo htmlspecialchars($str, ENT_QUOTES, 'ISO-8859-1');
```
2.2 Escaping HTML: no difference
```php
<?php
// Escape HTML metacharacters
$str = "< ' \" > \n";
echo " \n htmlentities 转义html:—— \n";
echo htmlentities($str, ENT_QUOTES);
echo " \n htmlspecialchars 转义html:—— \n";
echo htmlspecialchars($str, ENT_QUOTES);
```
2.3 Escaping for SQL injection: use addslashes()
```php
<?php
$str = "< ' \" > null 中文 <?php ?> bb' or 1='1' & \n";
echo " \n htmlentities 转义sql注入:—— \n";
echo htmlentities($str, ENT_QUOTES);
echo " \n htmlspecialchars 转义sql注入:—— \n";
echo htmlspecialchars($str, ENT_QUOTES);
echo " \n addslashes 转义sql注入:—— \n";
echo addslashes($str);
```
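As an added example that is not part of the original post, the following script puts all three functions side by side on one constructed input under both charsets, so the charset effect from 2.1 and the escaping comparison from 2.3 can be seen in a single run; the helper names compareEscapers() and escapeForHtml() are my own.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: run the page's three functions over one input for one charset.
function compareEscapers(string $s, string $charset): array
{
    return [
        'htmlspecialchars' => htmlspecialchars($s, ENT_QUOTES, $charset),
        'htmlentities'     => htmlentities($s, ENT_QUOTES, $charset),
        // addslashes() ignores the charset: it only prefixes ' " \ and NUL with a backslash.
        'addslashes'       => addslashes($s),
    ];
}

// Hypothetical helper for output into a UTF-8 HTML page. ENT_QUOTES covers both quote
// styles (so the result is safe inside single- and double-quoted attributes), and
// ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of returning an empty string.
function escapeForHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample: an HTML tag, multibyte Chinese text and a quote-based SQL fragment.
$input = "<b>中文</b> ' or 1='1";

foreach (['UTF-8', 'ISO-8859-1'] as $charset) {
    echo "charset={$charset}\n";
    foreach (compareEscapers($input, $charset) as $name => $out) {
        printf("  %-16s %s\n", $name, $out);
    }
}
// With UTF-8, htmlentities and htmlspecialchars agree on this input, because Chinese
// characters have no named entity. With ISO-8859-1, htmlentities treats each UTF-8 byte
// of "中文" as a Latin-1 character and replaces the ones that have a named entity
// (0xE4 becomes &auml;), producing mojibake, while htmlspecialchars leaves the bytes
// untouched. addslashes never touches < or >, so it is no protection for HTML output.

// Invalid UTF-8 (a lone 0xE4 byte) makes the plain call return an empty string, silently
// dropping the data; the ENT_SUBSTITUTE variant keeps it with a replacement character.
$broken = "a\xE4b";
echo strlen(htmlspecialchars($broken, ENT_QUOTES, 'UTF-8')), " vs ", strlen(escapeForHtml($broken)), "\n";
```

The script also makes the limits of section 2.3 visible: addslashes() only handles quotes and backslashes, so queries built from user input should use prepared statements with bound parameters rather than string escaping.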
Tags: echo, addslashes, escaping, QUOTES, htmlentities, str, htmlspecialchars, php
From: https://www.cnblogs.com/polax/p/18390837