The htmlspecialchars() function converts predefined characters to HTML entities.
<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>
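The predefined characters are:
& (ampersand) becomes &amp;
" (double quote) becomes &quot;
' (single quote) becomes &#039;
< (less than) becomes &lt;
> (greater than) becomes &gt;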
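Example:
<?php
// _fetch_array(), _query() and _close() are this project's own database helpers.
if (isset($_GET['id']) && $_GET['id'] != null) {
    // $_id was never assigned; cast to int so only a number reaches the SQL text.
    $_id = (int) $_GET['id'];
    $_sql = "SELECT * FROM o_code WHERE o_id = $_id LIMIT 1";
    $_result = _fetch_array($_sql);
    if (isset($_GET['action']) && $_GET['action'] == 'code') {
        $_english = trim($_POST['english']);
        $_sym = trim($_POST['symbol']);
        // ENT_QUOTES converts single quotes as well as & " < >
        $_symbol = htmlspecialchars($_sym, ENT_QUOTES);
        $_info = trim($_POST['info']);
        $_type = trim($_POST['type']);
        // Only $_symbol is entity-encoded; the other values enter the SQL string as submitted.
        // htmlspecialchars() is HTML output encoding, not SQL escaping, so all four values
        // still need the database layer's escaping or bound parameters.
        $_sql = "UPDATE o_code SET o_english = '$_english', o_symbol = '$_symbol',
                 o_info = '$_info', o_type = '$_type' WHERE o_id = $_id";
        _query($_sql);
        _close();
        echo "";
        exit();
    }
}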
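The example above entity-encodes one form value before it goes into the UPDATE. As an added example (not code from the original page), the sketch below separates the two jobs: bound parameters protect the SQL statement, and htmlspecialchars() with ENT_QUOTES is applied when the stored value is written into HTML. The o_code table and column names come from the page; the in-memory SQLite connection via PDO, the h() helper and the sample input are assumptions made for the example.

```php
<?php
// Added example. Assumes the pdo_sqlite extension; the database and the
// input values below are constructed so the script runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE o_code (o_id INTEGER PRIMARY KEY, o_english TEXT,
            o_symbol TEXT, o_info TEXT, o_type TEXT)');
$pdo->exec('INSERT INTO o_code (o_id) VALUES (1)');

// Constructed stand-ins for $_GET and $_POST.
$get  = ['id' => '1'];
$post = ['english' => 'less than', 'symbol' => "<'\"&>",
         'info' => "O'Reilly's note", 'type' => 'math'];

// Accept the id only if it is an integer.
$id = filter_var($get['id'], FILTER_VALIDATE_INT);
if ($id === false) {
    exit("invalid id\n");
}

// Bound parameters keep the values out of the SQL text, so quotes in the
// input cannot alter the statement. The values are stored as submitted.
$update = $pdo->prepare('UPDATE o_code SET o_english = :english,
    o_symbol = :symbol, o_info = :info, o_type = :type WHERE o_id = :id');
$update->execute([
    ':english' => trim($post['english']),
    ':symbol'  => trim($post['symbol']),
    ':info'    => trim($post['info']),
    ':type'    => trim($post['type']),
    ':id'      => $id,
]);

// Hypothetical helper: encode at output time. ENT_QUOTES is passed
// explicitly because before PHP 8.1 the default flag was ENT_COMPAT,
// which leaves single quotes unconverted.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$select = $pdo->prepare('SELECT * FROM o_code WHERE o_id = :id LIMIT 1');
$select->execute([':id' => $id]);
$row = $select->fetch(PDO::FETCH_ASSOC);

// The attribute is delimited by single quotes, so the encoded single
// quote is what keeps the stored value inside the attribute.
echo "<input name='symbol' value='" . h($row['o_symbol']) . "'>\n";
echo '<p>' . h($row['o_info']) . "</p>\n";
```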
Reference: http://www.w3school.com.cn/php/func_string_htmlspecialchars.asp