Escaping PHP
Various escaping methods in PHP
There are various escaping methods in PHP, named according to PHP’s usual naming convention (which I think involves a blindfold):
- htmlspecialchars – a partial htmlentities. Quotes can be selectively converted. Translates only necessary characters: & " ' < >
- htmlentities – translate ALL possible characters into html entities. Quotes can be selectively converted.
- urlencode – replace everything but [a-zA-Z0-9_.-] with %hex and encode spaces as +. The output format is application/x-www-form-urlencoded, the format used by POST forms. This is different from RFC1738.
- rawurlencode – as per RFC1738 (difference is the spaces).
- addslashes – escape ' " \ NUL with \
- addcslashes – escape with \ any chars in charlist. 0, a, b, f, n, r, t and v are escaped literally, anything else is escaped as octal.
- convert_uuencode – uuencode
- base64_encode – base64 encode
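
An added example (not code from the original page) showing how the HTML and URL functions above map to output contexts when one untrusted value ends up in a link. The helper escape_for(), its context names and the sample strings are hypothetical, constructed for illustration; it needs PHP 8 for the match expression.

```php
<?php
// Added example: pick the escaper by the context the value is written into.
// escape_for() and the context names are hypothetical, not a PHP API.

function escape_for(string $context, string $value): string
{
    return match ($context) {
        // Element content: & < > are converted, quotes are left alone.
        'html_text' => htmlspecialchars($value, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        // Quoted attribute value: both quote styles are converted too.
        'html_attr' => htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        // Query-string value: form encoding, space becomes +.
        'url_query' => urlencode($value),
        // Path segment: space becomes %20.
        'url_path'  => rawurlencode($value),
        default     => throw new InvalidArgumentException("unknown context: $context"),
    };
}

// Constructed sample input standing in for untrusted data.
$name = 'Tom & "Jerry" <b>';
$file = 'annual report.pdf';

// Each URL component is encoded on its own before the URL is assembled.
$url = '/files/' . escape_for('url_path', $file)
     . '?q=' . escape_for('url_query', $name);

// The finished URL sits inside an HTML attribute, so it is HTML-escaped
// as a whole on top of the URL encoding already applied to its parts.
echo '<a href="' . escape_for('html_attr', $url) . '">'
   . escape_for('html_text', $name) . "</a>\n";
```

The point of the two-step escaping is that each layer is decoded by a different parser: the browser's HTML parser undoes the attribute escaping first, and the URL parser then undoes the percent-encoding.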