dongqiang5932 2014-04-10 16:44
浏览 75
已采纳

出于什么原因,htmlspecialchar()默认字符集从ISO-8859-1更改为UTF8

According to http://php.net/htmlspecialchars the default value for the charset argument changed from ISO-8859-1 to UTF8 in PHP 5.4.

If you follow the discussion of this bug https://bugs.php.net/bug.php?id=61354 here, you quickly realize that this lead to major difficulties in maintaining legacy PHP-Code. We've run into similar problems.

Explanations like "most people use UTF-8" in this post http://nikic.github.io/2012/01/28/htmlspecialchars-improvements-in-PHP-5-4.html are really weird.

As far as I know, htmlspecialchars() quotes everything all right in UTF8, even if ISO-8859-1 is set. People using non-ASCII-charsets had to set the parameter... ok, but they are not affected by a change to the default behavior, either. I've written a lot of UTF-8 code and never had a problem with htmlspecialchars() using ISO-8859-1 before.

So why change this behavior? Or am I overlooking some security issues? I just want to understand it (no code solution needed!).

  • 写回答

1条回答 默认 最新

  • dongzhong1891 2014-04-10 16:57
    关注

    The behaviour is changed from ISO-8859-1 as a default to UTF-8 as a default because UTF-8 is more commonly used.

    ISO-8859-1 covers Latin characters while UTF-8 supports a much larger set of characters. This is why UTF-8 is often used in favor of ISO-8859-1.

    As for why they chose to break compatibility: I guess they thought it was a good idea. Maybe the underestimated the impact this would have. I can see this being a bit of a snag for entry-level developers.

    This is a potential fix for this breaking change:

    function myhtmlspecialchars($string, $flags = null, $encoding = "ISO-8859-1", $double_encode = true) {
    if ($flags === null) { $flags = ENT_COMPAT | ENT_HTML401; }
    return htmlspecialchars($string, $flags, $encoding, $double_encode);
}

    And then simply replace htmlspecialchars by myhtmlspecialchars in your code.

    As of version 5.6.0 the default is default_charset. So this only impacts applications running on a version between 5.4.x and 5.5.x

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?
  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮
  • ¥15 ads仿真结果在圆图上是怎么读数的
  • ¥20 Cotex M3的调试和程序执行方式是什么样的?
  • ¥20 java项目连接sqlserver时报ssl相关错误
  • ¥15 一道python难题3
  • ¥15 牛顿斯科特系数表表示
  • ¥15 arduino 步进电机
  • ¥20 程序进入HardFault_Handler