URL/HTML 转义/编码 [英] URL/HTML Escaping/Encoding

问题描述

我一直对 URL/HTML 编码/转义感到困惑.我正在使用 PHP，所以想清除一些东西.

I have always been confused with URL/HTML Encoding/Escaping. I am using PHP, so want to clear somethings up.

我可以说我应该一直使用

Can I say that I should always use

• urlencode:用于单个查询字符串部分

• urlencode: for individual query string parts

$url = 'http://test.com?param1=' . urlencode('some data') . '&param2=' . urlencode('something else');

htmlentities:用于转义像 <> 这样的特殊字符，以便浏览器正确呈现

htmlentities: for escaping special characters like <> so that if will be rendered properly by the browser

是否还有其他地方可以使用每个功能.我不擅长这些逃避的东西，总是被它们迷惑

Would there be any other places I might use each function. I am not good at all these escaping stuff, always confused by them

推荐答案

首先，您不应该在大约 99% 的时间使用 htmlentites.相反，您应该使用 htmlspecialchars()用于转义文本以在 xml/html 文档中使用.htmlentities 仅用于显示您使用的本机字符集无法显示的字符(如果您的页面是 ASCII 则很有用，但您有一些 UTF-8 字符想要显示).相反，只需将整个页面设为 UTF-8(这并不难)，然后就可以了.

First off, you shouldn't be using htmlentites around 99% of the time. Instead, you should use htmlspecialchars() for escaping text for use inside xml/html documents. htmlentities are only useful for displaying characters that the native characterset you're using can't display (it is useful if your pages are in ASCII, but you have some UTF-8 characters you would like to display). Instead, just make the whole page UTF-8 (it's not hard), and be done with it.

就 urlencode 而言，你一针见血.

As far as urlencode, you hit the nail on the head.

所以，回顾一下:

• HTML 内部:

• Inside HTML:

<b><?php echo htmlspecialchars($string, ENT_QUOTES, "UTF-8"); ?></b>

网址内部:

Inside of a url:

$url = '?foo='.urlencode('bar');

这篇关于URL/HTML 转义/编码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！