The content introduced in this article is about the study notes of PHP functions, which has a certain reference value. Now I share it with everyone. Friends in need can refer to it
$_SERVER["PHP_SELF"] | A super global variable. Returns the file name of the currently executing script. |
htmlspacialchars(var) | Convert specific characters into HTML entities. Prevents attackers from exploiting code by injecting HTML or JavaScript code into forms (cross-site scripting attacks). |
Application: The $_SERVER["PHP_SELF"] variable can be exploited by hackers. If your page uses PHP_SELF, users can enter an underscore and execute cross-site scripting (XSS). Tip: Cross-site scripting (XSS) is a type of computer security vulnerability that is common in web applications. XSS enables attackers to enter client-side scripts into web pages browsed by other users. Example: There is a form in the test.php page: <form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>"> Copy after login If the address bar is a normal URL: hhtp://www.example.com/test.php, the above code will be converted to : <form method="post" action="test.php"> Copy after login Once you enter: http://www.example.com/test.php/"><script>alert('hacked')</script>, the above code will be converted into: <form method="post" action="test.php"/><script>alert('hacked');</script> Copy after login Use the htmlspecialchars() function to avoid the above situation. Form code: <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> Copy after login At this time, enter http://www.example.com/test.php/"><script>alert('hacked' )</script>, the above code will be converted into: <form method="post" action="test.php/"><script>alert('hacked')</script>" Copy after login | |
trim(var) | Remove extra spaces, tabs, and newlines |
stripslashes(var) | Remove backslash (\) |
Determine whether the variable | has been assigned data and is not empty. ‘’, null, false, 00, 0, '0', undefined, array(), and var $var all return true. |
Check whether the variable has been declared. Returns true for undefined variables. After unsetting a variable, the variable is canceled. | |
Check whether a value, variable, or expression is null. Passing in undefined variables will also return true, but an error will be reported! | |
Check whether the constant has been declared. | |
2. The empty and isset input parameters must be a variable, while the is_null input parameter can have a return value (constant, variable, expression, etc.) as long as it can have a return value. In the PHP manual, their analysis is: empty, isset is a language structure rather than a function, so it cannot be called by variable functions. |
|
Retrieve the pattern of the string, return true if the pattern exists, otherwise return false. | |
10 little-known but very Useful PHP functions
php function does not define parameter method
The above is the detailed content of Study notes of php functions. For more information, please follow other related articles on the PHP Chinese website!