如何在PHP中正确地转义html表单输入默认值? [英] How to properly escape html form input default values in php?
问题描述
给出以下两个html / php片段:
< input type =textname =firstnamevalue =<<< ;?php echo $ _POST ['firstname'];?> />
和
< textarea name =content><?php echo $ _POST ['content']; ?>< / textarea>
什么字符编码需要用于回显 $ _ / code>变量?我可以使用任何内置的PHP函数吗?请假定
$ _ POST
值尚未编码。
使用 在将它们展示给用户之前,一个href =http://php.net/htmlspecialchars> Given the following two html/php snippets: and what character encoding do I need to use for the echoed Use Always escape strings with 这篇关于如何在PHP中正确地转义html表单输入默认值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! htmlspecialchars($ _ POST ['firstname']) code>和
htmlspecialchars($ _ POST ['content'])
。
htmlspecialchars()
。<input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>" />
<textarea name="content"><?php echo $_POST['content']; ?></textarea>
$_POST
variables? Can I use any built in PHP functions? Please assume that the $_POST
values have not been encoded at all yet. No magic quotes no nothing.htmlspecialchars($_POST['firstname'])
and htmlspecialchars($_POST['content'])
.htmlspecialchars()
before showing them to the user.