Last updated: 2023-01-05
Filter before output
- htmlspecialchars()
- htmlentities()
htmlspecialchars
Convert special characters to HTML entities
htmlspecialchars($string, flags, encoding)
flags
A bitmask of one or more of the following flags.
The default is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.
- ENT_QUOTES: Will convert both double and single quotes.
- ENT_SUBSTITUTE: Replace invalid code unit sequences with a Unicode Replacement Character U+FFFD (UTF-8) or &#xFFFD; (otherwise) instead of returning an empty string.
- ENT_HTML401: Handle code as HTML 4.01.
encoding
If omitted, encoding defaults to the value of the default_charset configuration option ("UTF-8").
e.g.
htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
htmlentities
Convert ALL applicable characters to HTML entities
htmlentities($script);
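
The difference between the two functions and the effect of the flags described above, as an added example that is not part of the original page. The helper name e() and all sample strings are assumptions constructed for illustration.

```php
<?php
// Added example; the helper name and every sample string are constructed.

// Hypothetical helper: pin flags and encoding so output escaping does not
// depend on the PHP version or on the default_charset setting.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}

// Constructed untrusted input (source file assumed to be saved as UTF-8).
$comment = "<a href='test'>Test</a> & café";

// htmlspecialchars(): only & " ' < > are converted; "é" is left untouched.
echo e($comment), PHP_EOL;

// htmlentities(): every character with a named entity is converted, "é" included.
echo htmlentities($comment, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8'), PHP_EOL;

// ENT_QUOTES matters inside a single-quoted attribute. ENT_COMPAT leaves the
// apostrophe alone, so the value closes the attribute early; e() encodes it.
$name = "O'Reilly"; // constructed input
echo "<input value='" . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>", PHP_EOL;
echo "<input value='" . e($name) . "'>", PHP_EOL;

// ENT_SUBSTITUTE: "\xE9" is Latin-1 "é", which is an invalid byte sequence in UTF-8.
$bad = "caf\xE9"; // constructed input

// Without ENT_SUBSTITUTE the whole result is an empty string.
var_dump(htmlspecialchars($bad, ENT_QUOTES, 'UTF-8'));

// With ENT_SUBSTITUTE only the invalid byte is replaced by U+FFFD.
var_dump(e($bad) === "caf\u{FFFD}");
```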