The purpose of dhtmlspecialchars is to prevent cross-site scripting (XSS) attacks by converting the characters in page output into HTML entities.
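```php
function dhtmlspecialchars($string, $flags = null) {
    if(is_array($string)) {
        // Arrays are escaped recursively, value by value (keys are left as-is).
        foreach($string as $key => $val) {
            $string[$key] = dhtmlspecialchars($val, $flags);
        }
    } else {
        if($flags === null) {
            // Default path: encode & " < > only. Single quotes are not encoded.
            $string = str_replace(array('&', '"', '<', '>'), array('&amp;', '&quot;', '&lt;', '&gt;'), $string);
            if(strpos($string, '&amp;#') !== false) {
                // Restore numeric character references such as &#8364; that the step above double-encoded.
                $string = preg_replace('/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $string);
            }
        } else {
            // Explicit flags: delegate to PHP's htmlspecialchars().
            if(PHP_VERSION < '5.4.0') {
                $string = htmlspecialchars($string, $flags);
            } else {
                // From PHP 5.4 the charset is passed explicitly, based on the site's CHARSET constant.
                if(strtolower(CHARSET) == 'utf-8') {
                    $charset = 'UTF-8';
                } else {
                    $charset = 'ISO-8859-1';
                }
                $string = htmlspecialchars($string, $flags, $charset);
            }
        }
    }
    return $string;
}
```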
Common usage:

```php
dhtmlspecialchars(trim($value))
```
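The default (`$flags === null`) branch of the function encodes only `&`, `"`, `<` and `>` and keeps numeric character references, so the result depends on the HTML context the value is written into. The following is an added example, not code from Discuz or from the original post; `default_escape`, `quoted_escape`, `can_close_attribute` and the sample values are hypothetical names constructed for illustration.

```php
<?php
// Added example, not Discuz code. default_escape() mirrors only the
// $flags === null branch of dhtmlspecialchars() quoted above.
function default_escape(string $s): string
{
    $s = str_replace(['&', '"', '<', '>'], ['&amp;', '&quot;', '&lt;', '&gt;'], $s);
    // As in the quoted code, numeric character references are restored.
    return preg_replace('/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $s);
}

// The $flags branch called with ENT_QUOTES: single quotes are encoded too.
function quoted_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// True when the escaped value still contains the raw delimiter of the
// attribute it is about to be written into, so it could end that attribute.
function can_close_attribute(string $escaped, string $delimiter): bool
{
    return strpos($escaped, $delimiter) !== false;
}

// Constructed sample values, one per behaviour worth checking.
$samples = [
    'markup'            => 'Tom & Jerry <b>',
    'double quote'      => 'say "hi"',
    'single quote'      => "it's here",
    'numeric reference' => 'price: &#8364;5',
];

foreach ($samples as $label => $raw) {
    $default = default_escape($raw);
    $quoted  = quoted_escape($raw);
    echo $label, PHP_EOL;
    echo '  default    : ', $default, PHP_EOL;
    echo '  ENT_QUOTES : ', $quoted, PHP_EOL;
    foreach (['"', "'"] as $delimiter) {
        printf(
            "  attr delimited by %s  default unsafe=%s  ENT_QUOTES unsafe=%s\n",
            $delimiter,
            var_export(can_close_attribute($default, $delimiter), true),
            var_export(can_close_attribute($quoted, $delimiter), true)
        );
    }
}
```

Where a value is written into a single-quoted attribute, pass `ENT_QUOTES` as the second argument so the call takes the `htmlspecialchars()` branch instead of the default one.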