Sometimes I have to use htmlentities twice to convert the text correctly (see the example). Why is that, and is there another solution?
Example:
<?php
if('POST' == $_SERVER['REQUEST_METHOD']){
    $result = db_query("INSERT INTO example (id, example) VALUES ('" . htmlentities(htmlentities($_POST['example'], ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8') . "', '')");
}
?>
<html>
<body>
    <form action="" method="POST">
        <input type="text" name="example" value="<?php echo(htmlspecialchars_decode($_POST['example'])); ?>">
        <input type="submit" name="submit" value="submit">
    </form>
</body>
</html>