Lessons from PHP: Change types, escapes, special characters and heredoc syntax in PHP. PHP Regular Screen Virazi - Implementation Features
Hello, dear readers, today I would like to analyze the topic of screening paws in php, javascript and sql, tell you what it is and what is needed, and also add a sprig of brown butts to show the need for screening.
What is the screening of the paws
In order to give the appointment of someone who understands, I will first point a small butt of a row.
Practically, whether it’s a mov-programming mi vikoristovuєmo advancing principle of voicing row-by-row replacement:
var text = "Name of my life company blog";
Everything that is moved between paws - is understood by the interpreter as a row.
It is necessary for us to transfer a text to the row of change, so that we can take revenge on our paws and we will try to do it in this order:
var text = "My blog name: "life"";
then there will be a pardon, oskіlki zamіst of one row interpreter to work two:
"Name of my blog:"
" "
and between them there is a non-domy youmu operator – life.
For this not to happen, it is necessary to screen the paws. In javascript, for example, it will look like this:
var text = "My blog name: \"life\"";
For the sake of practical application, it is possible to give a clear understanding of the screening of the paws.
Ekranuvannya paws - tse diya, scho zdіysnyuєtsya over a row of replacements under the hour of the robot script. Tse allows you to beat the paws in a row. In a private way, add a wider screen to the screen - inserting a slash in front of the inner paws.
php paw screen
In php, you can screen the paws in a number of ways, the first of which is similar to the one you looked at.
"How do you think?" - Powered by Katerina Ivanivna. "Nothing, alive offal" - Vidpov_Startsev (Chekhov)
In order to bring її to the side, PHP should work in one of the offensive ways.
Screening with a trailing trace:
echo "\"How can you? \" - Katerina Ivanivna asked. \"Nothing, live offal \", - starters (Chekhov)";
Screening with single legs
echo ""How are you doing?" - Powered by Katerina Ivanivna.
In vipadku, if the inner legs of the row are richly simpler, when the row is bare, single legs are twisted, and in the middle of the underwire. Abo, navpaki, fallow in the presence of the text of quiet chi іnshih paws.
You may need to see the paws screen in PHP
The cream of the selected butt for the inspection of rows, the screening of the paws and other specialists is often necessary when working with the database.
To prevent different problems when working with the database, you can use the addslashes function before saving data in tables
$str = "Is your name O"reilly?"; // output: Is your name O\"reilly? echo addslashes($str);
or mysql_real_escape_string
Offset functions are standard in php and screen special characters in rows. If that yak vikoristovuvati, lie in specific zavdan. For example, addslashes is more useful for serializing a row when writing її to the database, and mysql_real_escape_string is for all the data that came with forms on the site.
For small web appendices, you can skip manually typing the addslashes screen or mysql_real_escape_string to enable "Magic paws" – magic_quotes_gpc
if (!get_magic_quotes_gpc()) ( ini_set('magic_quotes_gpc', 'on'); )
Most of the magical paws are included behind the lock on the server, it can be recognized from the information removed during the wicked function
echo phpinfo();
javascript paw screen
Even more often, especially in JavaScript, you have to practice rows to take revenge HTML markup.
In javascript, the screen of paws has a similar order, or a return slash, or a victoria different type paws.
An example of a return slash:
varhtml="
Butt with internal paws:
varhtml="
If a row with an HTML markup is too long and the row is moved, the screen is again needed, in which case it’s not the paws, but the row transfer symbol
varhtml="
If in this case you don’t use a backslash before transferring a row, then the script is not practical.
It is rare to finish, but you can close from the taskers to transfer the HTML markup from the serialized row to the JSON format. Any way to destroy the hyphen, the JSON format will be broken.
To avoid these problems, it is necessary to run the text with the transferred rows through the JSON.stringify() function
text = json.stringify(text);
JSON.stringify() - only available once the jquery library is included.
Sql screen for paws
In sql screening of the crim legs, we have chosen methods in php and js - the escape slash and the inner paws, there is only one solution.
SELECT "Is your name O" "reilly?";
To screen paws in SQL, you need to duplicate them.
zamіst "write"
zamіst "write"
Clean up the screening of the paws
You can remove the paws screen from php using the standard stripslashes() function;
Javascript does not have an analogue of stripslashes, but we can always use a regular virase, which will help us clean up the screen paws in javascript
str.replace(/\0/g, "0").replace(/\\(.)/g, "$1")
In this article, I have tried to expand the topic of the screening of the paws in php, js, mysql and show that in some situations it is necessary to stop the screening. I spodіvayus, statya vyavilyas korisnoy.
Note: the adaptive version of the site is activated, as it automatically updates a small amount of your browser and adds some details to the site for easy reading. I'll take a look!
Radium I’m new to everyone on the sides of the blog dedicated to all the subtleties of successful creation and promotion of sites - site on! In today's PHP language, there are such topics as: types of changes, screens, special characters, as well as heredoc syntax in PHP.
Types of change
PHP may be different types zminnykh, їх
4 scalar types:
- boolean (Boolean or boolean type)
- integer (The integers of the number)
- float (Floating point number)
- string
2 mixed types:
- array (Array)
- object
2 special types:
- resource
First, move on to looking at the skin type of the report, but to clarify that PHP is not strictly typed language, but language is dynamically typed. Tse means that we need to zazdalegіd (when collapsing) deafen the type of skin change. PHP itself guesses which type can be changed, depending on what we can change in qiu. Tse also means that we can change the number (integer) to put a row (string) and there will be no pardon! This is one of the features of PHP, as it suits people (beginners), as before they were not small in programming. As a rule, everything is allowed to come to the point where it is a minus move, not a plus.
Boolean (logical)- The simplest type. You can take more than 2 values: true or false(Virno chi wrong), stench case-independent (you can write TRUE, trUe then). Reference example:
echo $name, "
", $name2; ?>
Result:
Yak bachite, the browser does not understand the boolean type, to see PHP, so when you try to enter true or false vin vivede on the side number 1 or empty row.
When converted to a logical type, these values are considered as FALSE:
- integer 0 (zero)
- float 0.0 (zero)
- empty row and row "0" or "0"
- empty array
- special type NULL (including unset changes)
All other values are accepted as TRUE.
// tenth number$int=-5; // give me a number$int=05; // big number$int=0x1A; // sixteenth number
//Numbers with floating point (speech):$flot=1.4; $flot = 1.2e3; $flot=7E-10; ?>
However, the most stubborn type in PHP can be entered by yourself rows (string). Rows can be written either in single, or in the insteps, or in the insteps you can write rows in the insteps, I’m not raju to anyone, to that which you yourself are afraid of the PHP interpreter “parse” your row for the presence of changes in the new, lower, but not significant encourage the work. Navit if you want to win at your row of changes - you can work for the help of single legs + (gluing two and more rows into one). For what? paws did you need it? For example, if we want to beat special characters (\n, \r і etc.), a little less about them.
Also, varto designate what vikoristannya single legs + concatenation to rob the code richly in reading, lower everything, without any consideration, shove it into the underwire paws. Ale to stalk forward, at the same time you yourself will all talk and understand:
$number = 2; //integer $hand1 = "The number of hands a person has:"; //string + it's terrifying to go to the presence of the minions$hand2 = "Number of hands a person has:"; //string
//add $number in qi rows:$hand1 = "Number of hands a person has: $number and text..."; // DO NOT recommend $hand2 = "The number of human hands: " . $number. "and more text..."; // I recommend!
echo $hand1, "
", $hand2; ?>
Result:
We will talk about concatenation in the next article.
- їй was assigned a constant NULL.
- їй sche Bulo was appropriated as a value.
- she was sent away for help unset()
Vivchennya types of replacements that were lost, at this stage, it would be stupid. With other types of mi zіtknemosya and parse їх for more deep vchennia PHP.
Screenshot in PHP
And why, in our row, do not want to take out the value of the change, but want to write literally $number? Let's look at two options:
$hand1 = "Number of hands a person has: \$number and text..."; // DO NOT recommend $hand2 = "Number of human hands: $number and more text..."; // I recommend!
echo $hand1, "
", $hand2; ?>
Result:
In the first variant (with podvinnymi paws) we won the screen for the special symbol of the dollar, why should this special symbol cease to be its mother special recognition(Designation of the change) and transforming into the great sign of the dollar.
In another variant (with single paws), as you already know - the PHP interpreter did not try to know the changes in the row, that screen was not needed.
Special characters in PHP
Especially for blog readers site on! I prepared a small list of special characters for my PHP programming:
- \n new row
- carriage rotation
- horizontal tabulation
- \\ return spit of rice (reverse slash)
- \$ dollar sign
- foot
Marveling at the work of special characters on the butt \n - a special character, which is to break the shift to a new row (like Enter), browsers do not understand (and are not guilty) and ignore it, but you can look at the result of yoga robots exit code sides:
echo $rule, "
", $rule2; ?>
Result:
Output code (Ctrl+U):
For example, the special character is not displayed for browser input, so why is yoga sense?
First, for the help of special characters and a password, you can manually format the code on the side (as in the application).
In another way, \n can be twisted, for example, during write operations on a file, so that it can be transferred (Enter) and continue writing on a new row.
An alternative to such a format is є.
heredoc syntax in PHP
Result:
Output code (Ctrl+U):
The result speaks for itself, now let's take a look, as everything is vlashtovan:
- A row starts from three apex arches<<<, далее следует имя идентификатора.
- A row with an identifier (mark) that shows up, at the same time is not guilty of avenging the next day of other characters, including spaces. Tobto in other words, in the wake of our tag, we are guilty of putting Enter, without probіlu, in the wake of Enter!
- The identifier that closes the curve is guilty of starting from the first position in the row. It is not guilty before him, but glades or other symbols!
- A row with a curved identifier (in our case, the word METKA) does not avenge other characters (including spaces), except for the dots with a coma.
For respect! In the upcoming articles, we will talk about the concept of concatenation, as it already sounded more than once today. Let's talk about the robot in rows, and I'll also look at some of the brown functions. Good day to all and goodbye!
For the cob - troch about those who needed to hear.
As we ask, whether it be data, then, in order to revise the given data in the form of SQL commands, you need to take them into your paws.
For example, how to write
SELECT * FROM table WHERE name = Bill
then the base is wrong, that Bill is in the name of another field, you don’t know yoga, and you see a pardon. That data (in this way named Bill) needs to be put in the paws - the same base is known in a row, the value of which you need to assign to the name field:
SELECT * FROM table WHERE name = "Bill"
However, even in the data themselves, the paws of the same can be sharpened. For example,
SELECT * FROM table WHERE name = "D"Artagnan"
Here the data base is broken, that "D" is a given, and Artagnan is a team, you don’t know how, and you can see a pardon. Therefore, it is necessary to trace all the data, in order to explain the basics, that the paws (and other special characters), which are used in them, are brought to the data.
As a result, we take the correct request, no pardon is called:
SELECT * FROM table WHERE name = "D"Artagnan"
In this rank, we explained that, when pidstanovtsі danih, you will need to follow the following two rules:
- all data, which are inserted into the request, should be laid in the paws (single or underwire, but more easily and more often they are single).
- all rows of replacements may have special characters screened with slashes.
Slid special meaning: add slash do not go to the base. The stench is needed less at the table. When hit in the base, slashes are thrown out. Obviously, a broader pardon is the stagnation of stripslashes with the removal of data from the base.
In fact, all of the above can be attributed to the data of the row type and dates. Numbers can be inserted without slacking off and without moving with your paws. If you work so hard, then OBOV'YAZKOVO! forcibly bring the data to the required type before inserting it into the query, for example:
$id = intval($id);
However, for simplicity (and supremacy) it is possible to parse by numbers, as by rows (the mysql puncture is all converted to the required type). Vidpovidno, we will be given, which are inserted into the request, slid and put in the paws.
There is also one more rule - neobov'yazkove, ale yogo next to trim, so that pardons appear:
Field names and the table should be placed next to the single paws - "`" MySQL gets it right:
SELECT * FROM `table` WHERE `date` = "2006-04-04"
Slid razraznyat tsі paws and rogues alone z іnshimi. The next thing is to remember that the gates of the paws are not screened.
Otzhe, we have learned how to present data correctly.
ALE! The dynamic storage of zapіv is not exhausted by the provision of data. We often need to submit SQL commands and field names. And here we are already moving on to those security:
SQL Injection is a method of a hacker attack, if the data that is passed to the script is modified in such a way that it is written, which is formed in this script, then it starts to be different from those for which the wine was assigned.
The rules for defending against such attacks can be divided into two points:
1. Robot from danimi.
2. Work with power elements.
The first point was reported to us more clearly. Vіn, one might say, and not є, vlasne, zahistom. Dotrimannya rules dodavannya in zap is dictated, in pershu cherga, vymogami SQL SYNTAX. And as a side effect, it can be a defense against evil.
Another point is richer folding, the shards do not have such a single universal rule, as for the data - the key is not to protect their fields from modification by a hacker. Table names, SQL statements, LIMIT command parameters, and other statements cannot be protected.
Therefore, the main rule when setting the key elements on the request is:
If it is necessary to dynamically insert SQL statements or names of fields, databases, tables, then in any case do not insert them directly into the request.
All options for such additional responsibilities are written down in your script and are selected on the basis of the one who was born.
For example, if you want to pass the name of the field to the order by statement, then you can't present it directly at any time. It takes a little to digest yogo. For example, create an array of valid values, and submit to the request only a few of the transfers parameter for this array:
$orders =array("name" , "price" , "qty" );
$key = array_search($_GET["sort"], $orders));
$orderby = $orders[$key];
$query = "SELECT * FROM `table` ORDER BY $orderby";
We are joking in the array of descriptions of the options behind the introduction of the correct word, and, as we know, we select the appropriate element in the array. If it is not found, the first element of the array will be selected.
In this order, at the request, not those who have been koristuvach, but those that were written in the script, are presented.
So you need to fix it yourself in other situations
For example, the WHERE clause is dynamically formed:
if (!empty($_GET [ "price" ])) $where .= "price="" .mysql_real_escape_string ($_GET [ "price" ]).""" ;
$query = "SELECT * FROM `table` WHERE $where";
It’s easy to show your own feelings, if the tables can be entered dynamically into the input, but if you want to get drunk, then you also need to insert only from what is written in the script set.
Parameters of the operator LIMIT slid primusovo cast to integer type for additional arithmetic operations or functions intval ().
It is not necessary to think that by pointing butts here, all options for a dynamic folding of drinks are drawn up. It is necessary to simply understand the principle and practice yoga in all similar moods.
Features of working with the LIKE operator
The absolutely perfect vipadok is the LIKE operator.
In the first place, the cream of great stitching, in the case of the change, as it is presented in LIKE, it is necessary to fight again. Tobto, as in the change of the symbol \, it is required to bring it up, and after that, it is necessary to trace it, through mysql_real_escape_string.
For example, as if we were joking in a row
the character \ is called "backslash" and we need the exact escape, then we just stop mysql_real_escape_string and ask the standard output:
SELECT * FROM test WHERE field = "symbol \\ is called \"backslash\"" If we want to substitute this row for LIKE, then we need to replace the slash by two, and then block mysql_real_escape_string. As a result, we see
SELECT * FROM table WHERE field LIKE "%symbol \\\ is called \"backslash\"%"
In another way, pay attention to those that are similar to the functions that add slashes, do not add them to the metacharacters like % and _, which are distinguished in the LIKE operator. If you want to win the whole operator, and if you don't want the symbols _ and % to be twisted like masks, then add the slash manually. Tse can be robiti team
$data = addCslashes($data, "%_"); Respect - don't add lashes! The name of the function can be added to the letter "c".
In such a manner to enter, scho change, yak vykoristovuyutsya in the LIKE operator, we are guilty of okremo.
at the same time, replace one slash with two, for the help of such, for example, the code:
$var = str_replace("\", "\\", $var); then (you can compare with usima іnshimi dannymi, what to go with the request) simply:
$var = mysql_real_escape_string($var); and then, as if we wanted to, schob _ that % was told exactly by ourselves, robimo
$var = addCslashes($var, "_%");
As a result, as if mi shukatimemo, for example, such a row
the \ symbol is called "backslash" and the _ symbol is called "underscore" then after the conversion, at the request, you can look like this:
"%symbol is called \"backslash\" and \_ is called \"underscore\" Tobto slish, like a bov in a row on the back - quadrupled. The rest of the symbols were worn out, like a zavzhd. Plus - a quilted symbol of the reassurance.
About hearsay. Yak їkh pozutisya
A slash, or a backslash, like an English back slash - a spit of rice ("\"), as if unreasonably rapt by itself appears at your zminnykh. Add wines to some special characters, but it’s more important to mark it through the paws.
Vіdbuvaєtsya tse through spetsіlnі nаshtuvannya PHP, yakі zvіchay vіdnіvіnі і na hosting zamovchuvannyam. Theoretically, cі nalashtuvannya can improve the security of scripts that work from the database. In fact, in the case of automatic addition of slashes, it is not uncommon to see stray and unhandedness, like from a robot in a database, and for її days.
Below, we report on the offenses of vipadki.
For automatically adding slashes, give php.ini directives, so that the name "enchanting paws" can be called:
magic_quotes_gpc and magic_quotes_runtime If the first one is enabled, then PHP will automatically add a slash to the data that came from the koristuvach - from POST, GET requests and cookies (and also to the login and password, removed via HTTP Authorization).
As a friend, then the slashes are added to the data, taking away the hour of the script - for example, from the file chi base data.
If you practice without a data base, otherwise you should practice with the database correctly (about what will be written below), you should only care about it, and you need to get rid of it. Easier and more correct to include automatic addition, in PHP settings.
You can either modify the php.ini directives so that you have access to the new one, or create the .htaccess file in the root directory of the site, and add it to the new row
php_flag magic_quotes_gpc 0
php_flag magic_quotes_runtime 0
If you don’t enter in such a rank, then you have to write the code of a different level of folding in order to clear the input data. (Besides, if you want to write a program, if you don’t have to lay around in PHP, then write it all the same. And include a block on the cob of your scripts).
With respect, yakі otrimuyut pіd hour of work, razіbratisya in the simplest way: enough to write the script on the cob
set_magic_quotes_runtime(0); For the Danes, otrimanih vіd koristuvacha, everything is richly folded. For this code, we need two functions:
Apparently, for the help of the first one, you need to re-verify, and as if adding PHP, then go through all the input changes and clean up for the help of the other.
If you're doing it right, with register_globals = off , then it's enough to populate stripslashes to all arrays to retrieve the data that comes from the browser.
for example, you can include the following code for all scripts on the site:
function strips (& $el) (
if (is_array($el))
foreach($el as $k => $v )
strips($el[$k]);
else $el = stripslashes($el);
}
if (get_magic_quotes_gpc()) (
strips($_GET);
strips($_POST);
strips($_COOKIE);
strips($_REQUEST);
if (isset($_SERVER ["PHP_AUTH_USER"])) strips ($_SERVER ["PHP_AUTH_USER"]);
if (isset($_SERVER ["PHP_AUTH_PW"])) strips ($_SERVER ["PHP_AUTH_PW"]);
}
In times of incorrect settings register_globals, it will be more important to know the solution in advance, and it’s better - I repeat - to practice with the correct settings.
- Among the reasons, through yakі not varto rely on "charіvni paws", there is one more. Even less maloimovirna, but all the same. Before the "enchanting paws" lie not two directives, but three. The third is magic_quotes_sybase. Not only that, if the deputy is too close to give a paw - so there is a magic_quotes_gpc. As if it were a marvelous offense that the directives may have the status "on", then stop don't work! Tobto, relying on the "charitable paws", we in this way take away all the wrongly folded drinks. Vzagali, so theoretically, it is necessary to protect the visibility of the directives, the shards won't make such a surprise, like ... changing the behavior of the functions addslashes and stripslashes! Like magic_quotes_sybase = on , these functions start replacing a slash and add and remove a single foot correctly.
- All hints apply to MySQL databases. Specific rules for folding requests can be modified for other DBMSs, but the general principle remains as follows:
- Yes, API for working with a database, or a third-party library, please special functions for storing drinks and є the possibility of їх vikoristannya, then koristuvatisya in the first line is required by them.
- Although there are no such functions, see the documentation of the function for screening special characters for the DBMS.
When the value is shown in the tags of the input form, the slashes do not help.
So that the text in such a field is displayed again, value must be placed in the paws, but before the data, what to see stop the htmlspecialchars() function
Butt:
It is also necessary to indicate (if it is already known that it cannot be used to the paws and slashes), that the htmlspecialchars function should be stuck when displayed in the browser before all data, so that the htmlspecialchars function is removed from the unverified koristuvach. Why should you work, you can read in Google for a request, what is XSS inconsistency
by phpfaq.ru
In order to give the appointment of someone who understands, I will first point a small butt of a row. Practically, whether it’s a mov-programming mi vikoristovuєmo advancing principle of voicing row-by-row replacement:
Var text = "Name of my company blog - Name";
Everything that is moved between paws - is understood by the interpreter as a row.
It is necessary for us to transfer a text to the row of change, so that we can take revenge on our paws and we will try to do it in this order:
Var text = "Name of my blog: "Name" ";
then there will be a pardon, oskіlki zamіst of one row interpreter to work two:
"The name of my blog:" ""
For this not to happen, it is necessary to screen the paws. In javascript, for example, it will look like this:
Var text = "My blog name: \"Name\"";
For the sake of practical application, it is possible to give a clear understanding of the screening of the paws.
Screening of the paws- tse diya, scho vchinyaєtsya over ryadkovuyu zminnoy pod hour roboti script. Tse allows you to beat the paws in a row. In a private way, add a wider screen to the screen - inserting a slash in front of the inner paws.
php paw screen
In php, you can screen the paws in a number of ways, the first of which is similar to the one you looked at.
For example, we may have a row with the author’s and my direct one, as if to avenge my paws:
"How do you think?" - Powered by Katerina Ivanivna. "Nothing, alive offal" - Vidpov_Startsev (Chekhov)
In order to bring її to the side, PHP should work in one of the offensive ways.
Screening with a trailing trace:
echo "\"How can you? \" - Katerina Ivanivna asked. \"Nothing, live offal \", - starters (Chekhov)";Screening with single legs
echo ""How are you doing?" - Powered by Katerina Ivanivna.In vipadku, if the inner legs of the row are richly simpler, when the row is bare, single legs are twisted, and in the middle of the underwire. Abo, navpaki, fallow in the presence of the text of quiet chi іnshih paws.
You may need to see the paws screen in PHP
The cream of the selected butt for the inspection of rows, the screening of the paws and other specialists is often necessary when working with the database.
To prevent different problems when working with the database, you can use the addslashes function before saving data in tables
$str = "Is your name O"reilly?"; // output: Is your name O\"reilly? echo addslashes($str); or mysql_real_escape_string
Offset functions are standard in php and screen special characters in rows. If that yak vikoristovuvati, lie in specific zavdan. For example, addslashes is more useful for serializing a row when writing її to the database, and mysql_real_escape_string is for all the data that came with forms on the site.
For small web appendices, you can skip manually typing the addslashes screen or mysql_real_escape_string to enable "Magic paws" – magic_quotes_gpc
If (!get_magic_quotes_gpc()) ( ini_set('magic_quotes_gpc', 'on'); )
Most of the magical paws are included behind the lock on the server, it can be recognized from the information removed during the wicked function
echo phpinfo();
javascript paw screen
Even more often, especially in JavaScript, you need to practice rows to get rid of the HTML markup.
In javascript, the screen of paws has a similar order, or a return slash, or a different type of paws.
An example of a return slash:
varhtml="Butt with internal paws:
varhtml="If a row with an HTML markup is too long and the row is moved, the screen is again needed, in which case it’s not the paws, but the row transfer symbol
varhtml="
If in this butt there is no wicked slash before transferring the row, the script will not be practiced.
It is rare to finish, but you can close from the taskers to transfer the HTML markup from the serialized row to the JSON format. Any way to destroy the hyphen, the JSON format will be broken.
To avoid these problems, it is necessary to run the text with the transferred rows through the function
JSON.stringify() text = JSON.stringify(text);
JSON.stringify() - only available once the jquery library is included.
Sql screen for paws
In sql screening of the crim legs, we have chosen methods in php and js - the escape slash and the inner paws, there is only one solution.
SELECT "Is your name O" "reilly?";
To screen paws in SQL, you need to duplicate them.
zamіst "write"
zamіst "write"
Clean up the screening of the paws
You can remove the paws screen from php using the standard stripslashes() function;
Javascript does not have an analogue of stripslashes, but we can always use a regular virase, which will help us clean up the screen paws in javascript
Str.replace(/\0/g, "0").replace(/\\(.)/g, "$1")
In this article, I tried to cover the topic of the screening of the paws in php, js, mysql and show that in some situations it is necessary to stop the screening. I spodіvayus, statya vyavilyas korisnoy.
In this short article it is shown how and de varto vikoristati paws in PHP.
Single paws (apostrophe) in PHP
Rows laid on single legs are not processed by PHP. Tobto single legs represent the text, arrangements between them yak є.
// Correct echo "How is life?"; echo "How is life? $name"; echo "How is life? ".$name; // Wrong echo "How is life? $name";
Special symbols in single and underfoot paws
So, for example, the tabulation symbol (\t) is interpreted as a tabulation symbol, and not as a slashed letter t, it is necessary to put a row with the text, in which the tabulation symbol is placed, at the foot. AT single legs you can win only \' і \\. All other screen sequences (\n, \r, \$ і etc.) are unacceptable to win in single paws.
// Wrong echo "How is life? \n"; // Correct echo "How is life?";
To screen the underwires in the middle of the row, put the paws in front of the backslash.
// Wrong echo "
How is life?
// Correct echoHow is life?
";echo"How is life?
";Hangers in PHP
The text, laid down at the foot of the foot, is processed in a familiar way. For example, change, put in the underwire paws, are replaced by the meaning. Tse rob zruchno fold SQL ask for the help of the podvinyh paws.
$query = "INSERT INTO table (post,author,text,date) VALUES ("$id","$author","$text","$date")";