When we accept input in our applications, we can not expect the data to be in acceptable format. In order to store the data in a database, or even redisplay it to the user, we must take care to ensure that it is stored or displayed as it should be. We can accomplish this by adding backslashes to escape characters, removing HTML tags from the input, and converting special characters into their HTML entity equivalent. Let's, first, take a high level overview of the functions we will cover in this section.
addslashes(string) -This function will add a backslash before a single quote, a double quote, a backslash, or the NULL byte.
stripslashes(string) -With this function, we can undo what was done with the 'addslashes' function.
strip_tags(string) -When we have data from an unknown source, it is helpful to remove any HTML and PHP tags. With this function we can accomplish just that.
htmlentities(string [,quote_style]) -Rather than removing the tags as seen with strip_tags, with this function we can change the characters used by the tags to their HTML entity equivalents. This function will change any character that has a HTML entity equivalent into that entity. For an example, a '<' symbol will be changed into '<'
htmlspecialchars(string [,quote_style]) -This function is almost identical to the 'htmlentities' function. The only difference is that this function only translates a handful of characters. This includes the ampersand, double quote, less than, and greater than characters.
html_entity_decode(string) -After using the previous two functions, we can use this function to undo those translations.
/ 12 