You may not know this, but the latest version of PHP comes with a very powerful set of string manipulation tools. This article takes an in-depth look at these tools and illustrates how they can save you time and effort in your daily development activities.
PHP also comes with a bunch of functions constructed specially for Web development. The first of these is the very cool addslashes() function, which automatically escapes special characters in strings. You should make it a point to run this function on your variables prior to inserting them into a database (or any other application that has trouble with special characters). Note that addslashes() knows nothing about a particular database's quoting rules or character set, so for SQL the reliable choice is the database driver's own escaping function or, better, a prepared statement with bound parameters.
<?php
$str = <<<EOF
When Nicholas "Oz" Oseransky (Matthew Perry) goes over to introduce himself
to his new neighbour, he's surprised to recognize notorious mob hit-man,
Jimmy "The Tulip" Tudeski (Bruce Willis), currently in hiding after
squealing on the Gogolack mob "family" in Chicago.
EOF;

// returns a string with all special characters escaped
echo addslashes($str);
?>

Output:

When Nicholas \"Oz\" Oseransky (Matthew Perry) goes over to introduce
himself to his new neighbour, he\'s surprised to recognize notorious mob
hit-man, Jimmy \"The Tulip\" Tudeski (Bruce Willis), currently in hiding
after squealing on the Gogolack mob \"family\" in Chicago.
You can reverse the process with the stripslashes() function,
which removes all the backslashes and returns a "clean" string.
The htmlentities() and htmlspecialchars() functions automatically convert special symbols (like < and >) into their corresponding HTML representations (&lt; and &gt;). Similarly, the nl2br() function automatically replaces blank lines in a string with the corresponding HTML line break tag <br />.
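
The following is an added example, not code from the original article: it stores a quoted string through a bound parameter, contrasts that with addslashes() spliced into SQL text, and encodes the stored value with htmlspecialchars() on output. It assumes the pdo_sqlite extension is available; the table name "reviews" and the sample sentence are constructed for illustration.

```php
<?php
// Added example. Assumes pdo_sqlite; "reviews" is a hypothetical table.
$str = 'Jimmy "The Tulip" Tudeski says he\'s in hiding.'; // constructed sample

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, body TEXT)');

// 1. Bound parameter: the driver keeps data separate from the SQL text,
//    so the value is stored unchanged and needs no manual escaping.
$insert = $pdo->prepare('INSERT INTO reviews (body) VALUES (?)');
$insert->execute([$str]);

// 2. addslashes() spliced into the SQL text: SQLite escapes a quote by
//    doubling it, not with a backslash, so the backslash-escaped string
//    no longer forms a valid statement and the driver throws.
try {
    $pdo->exec("INSERT INTO reviews (body) VALUES ('" . addslashes($str) . "')");
    $concat = 'accepted';
} catch (PDOException $e) {
    $concat = 'rejected: ' . $e->getMessage();
}

// 3. addslashes() combined with a bound parameter: the backslashes are
//    treated as data and end up stored in the row.
$insert->execute([addslashes($str)]);

$rows = $pdo->query('SELECT body FROM reviews ORDER BY id')
            ->fetchAll(PDO::FETCH_COLUMN);

echo "Concatenated insert: $concat\n";
echo 'Row 1 matches input: ', var_export($rows[0] === $str, true), "\n";
echo 'Row 2 as stored:     ', $rows[1], "\n";

// Escaping for HTML is a separate step, applied when the value is written
// into a page. ENT_QUOTES also converts single quotes, which matters when
// the value lands inside an attribute.
echo 'HTML-encoded row 1:  ',
     htmlspecialchars($rows[0], ENT_QUOTES, 'UTF-8'), "\n";
echo 'With line breaks:    ',
     nl2br(htmlspecialchars("line one\nline two", ENT_QUOTES, 'UTF-8')), "\n";
?>
```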