php web request security processing

1. The difference between urlencode and rawurlencode

urlencode('$s') = ["; var_dump(urlencode($s)); echo "]
"; echo "rawurlencode('$s') = ["; var_dump(rawurlencode($s)); echo "]
"; } //运行结果 urlencode('https://tieba.baidu.com/f?kw=2&fr=wwwt') = [ D:\software\wamp\www\linux\webApi\test.php:9:string 'https%3A%2F%2Ftieba.baidu.com%2Ff%3Fkw%3D2%26fr%3Dwwwt' (length=54) ] rawurlencode('https://tieba.baidu.com/f?kw=2&fr=wwwt') = [ D:\software\wamp\www\linux\webApi\test.php:12:string 'https%3A%2F%2Ftieba.baidu.com%2Ff%3Fkw%3D2%26fr%3Dwwwt' (length=54) ] urlencode(':/?= &#') = [ D:\software\wamp\www\linux\webApi\test.php:9:string '%3A%2F%3F%3D+%26%23' (length=19) ] rawurlencode(':/?= &#') = [ D:\software\wamp\www\linux\webApi\test.php:12:string '%3A%2F%3F%3D%20%26%23' (length=21) ] urlencode('测试') = [ D:\software\wamp\www\linux\webApi\test.php:9:string '%E6%B5%8B%E8%AF%95' (length=18) ] rawurlencode('测试') = [ D:\software\wamp\www\linux\webApi\test.php:12:string '%E6%B5%8B%E8%AF%95' (length=18) ]

As can be seen from the above execution results, the results of the two methods urlencode and rawurlencode are the same when processing letters, numbers, special symbols, and Chinese. , the only difference is the processing of spaces, urlencode is processed as " ", rawurlencode is processed as " "

2. Function strip_tags: remove HTML and PHP tags

Note: This function can remove any HTML and PHP tag strings contained in the string. If the HTML and PHP tags of the string are originally wrong, for example, the greater than symbol is missing, an error will also be returned. This function has the same function as fgetss(). fgetss reads the file from the file and removes the html and php tags.

world!");

Run results

Hello world!

3. Function htmlspecialchars, convert special characters into HTML format

htmlspecialchars() function converts predefined characters Convert to HTML entities.
The predefined characters are:
& (ampersand) becomes &
" (double quotation mark) becomes "
' (single quotation mark) becomes '
4b62352f83a4c1a8610e93c4b221d980 (greater than) becomes>

##

bold text.&");

Run result

This is some bold text.&

4. The function htmlentities converts all characters into HTML strings

Maybe you are still regretting that htmlspecialchars can only handle 4 html tags, so don’t regret it now. htmlentities is to convert all characters.

");

Running results

5. addslashes, the function returns a string with a backslash added before the predefined characters.

The predefined characters are:

Single quotation mark (')
Double quotation mark (")
Backslash (\)
NULL

      
Running result
      

      
Shanghai is the \"biggest\" city in China.
      
6. Stripslashes is the string referenced by restoring addslashes.
      

      

      
Running results
      

      
Who's Bill Gates?
      
The above is the entire content of this article. I hope it will be helpful to everyone's learning. More For more related content, please pay attention to the PHP Chinese website!
      
Related recommendations:
      

      
How to use php cocket

      
PHP source code php -beast encryption

      
PHP implementation of sending emails using QQ mailbox

      
The above is the detailed content of php web request security processing. For more information, please follow other related articles on the PHP Chinese website!