Seven Chen
2008/12/17 Technical essays

I came across an article on sitepoint, Good and Bad. The snippet under discussion (the "bad" version):

```php
<?
// "Bad" version: the raw query parameter is echoed straight into the page
// (reflected XSS), and nothing checks that the parameter is present at all.
// The surrounding <p> element is restored from context; extraction had stripped it.
echo("<p>Search results for query: " . $_GET['query'] . ".</p>");
?>
```


The answer from sitepoint (the "good" version):

```php
<?php
// "Good" version: the parameter is checked with isset() before use, and
// the value is passed through htmlspecialchars() with ENT_QUOTES so that
// <, >, &, " and ' are all escaped before reaching the browser.
// The surrounding <p> element is restored from context; extraction had stripped it.
if (isset($_GET['query'])) {
    echo '<p>Search results for query: ', htmlspecialchars($_GET['query'], ENT_QUOTES), '.</p>';
}
?>
```

Explanation:

The "short" opening PHP tag (<?) has been replaced with the more portable (and XML-friendly) <?php form.

Before attempting to output the value of $_GET['query'], isset is used to verify that it actually has a value.

The unnecessary brackets (()) around the value passed to echo have been removed.

Strings are delimited by single quotes instead of double quotes to avoid the performance hit of PHP searching for variables to interpolate within the strings.

Rather than using the string concatenation operator (.) to pass a single string to the echo statement, the strings to be output by echo are separated by commas for a tiny performance boost.

Passing the ENT_QUOTES argument to htmlspecialchars to ensure that single quotes (') are also escaped isn't strictly necessary in this case, but it's a good habit to get into.
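As an added example (not code from the original post or from the sitepoint article), here is the "good" snippet wrapped in a reusable function and run against a few constructed query strings, to show what the isset guard and the ENT_QUOTES flag actually change; the function name render_query and the sample values are assumptions of this example.

```php
<?php
// Added example: reusable form of the "good" snippet above.
// Takes the raw query value (null when the parameter is absent) and
// returns the HTML to emit, escaped for an HTML text-node context.
function render_query(?string $query): string
{
    if ($query === null) {
        return '';                       // mirrors the isset() guard
    }
    // ENT_QUOTES escapes both " and '; ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of making htmlspecialchars() return "".
    $safe = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Search results for query: ' . $safe . '.</p>';
}

// Constructed sample inputs (not real requests).
$samples = [
    'php security',                      // plain text: unchanged
    "O'Brien",                           // single quote becomes &#039;
    '<b>bold</b>',                       // markup is neutralised: &lt;b&gt;bold&lt;/b&gt;
    "\xC3\x28",                          // invalid UTF-8: replaced, not silently dropped
];

foreach ($samples as $q) {
    echo render_query($q), PHP_EOL;
}
echo render_query(null), PHP_EOL;        // absent parameter: nothing is emitted

// Why ENT_QUOTES is worth the habit: before PHP 8.1 the default flags were
// ENT_COMPAT | ENT_HTML401, which leaves the single quote untouched.
$q = "O'Brien";
printf("ENT_COMPAT: %s%s", htmlspecialchars($q, ENT_COMPAT), PHP_EOL);  // O'Brien
printf("ENT_QUOTES: %s%s", htmlspecialchars($q, ENT_QUOTES), PHP_EOL);  // O&#039;Brien
```

In a real page the call would be render_query($_GET['query'] ?? null); since PHP 8.1 the default flags already include ENT_QUOTES and ENT_SUBSTITUTE, but passing them explicitly keeps the behaviour the same on older interpreters.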

Author: Seven Chen
Copyright notice: this article was first published on Seven Chen's blog; please credit the source when reposting!