htmlspecialchars($str,ENT_QUOTES);
Escapes the following characters:
- '&' (ampersand) becomes '&amp;'
- '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set
- ''' (single quote) becomes '&#039;' only when ENT_QUOTES is set
- '<' (less than) becomes '&lt;'
- '>' (greater than) becomes '&gt;'
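The flag dependence in the list above, shown as an added example (not code from the original page): it prints the output under each quote flag, then checks how a parser reads a single-quoted attribute built with each flag. The helper names `render_input` and `attribute_names` and all sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: every name and sample value below is constructed for illustration.

// Sample text containing all five characters htmlspecialchars() handles.
$str = "Tom & Jerry's <b>\"show\"</b>";

$modes = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // neither quote is converted
    'ENT_COMPAT'   => ENT_COMPAT,   // double quotes only
    'ENT_QUOTES'   => ENT_QUOTES,   // single and double quotes
];

// Charset and document type are passed explicitly so the output does not
// depend on the defaults of the running PHP version.
foreach ($modes as $name => $flag) {
    printf("%-12s %s\n", $name, htmlspecialchars($str, $flag | ENT_HTML401, 'UTF-8'));
}

// Hypothetical template helper that places a value in a single-quoted attribute.
function render_input(string $value, int $flag): string
{
    return "<input type='text' value='"
        . htmlspecialchars($value, $flag | ENT_HTML401, 'UTF-8')
        . "'>";
}

// Parse the markup and list the attributes the parser sees on <input>
// (uses the DOM extension).
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed value with single quotes; harmless, it only adds a data attribute.
$value = "x' data-injected='1";

foreach ($modes as $name => $flag) {
    printf("%-12s %s\n", $name, implode(', ', attribute_names(render_input($value, $flag))));
}
```

Only the ENT_QUOTES row keeps the attribute list at `type, value`; with the other two flags the unescaped single quote closes the attribute and the parser sees an extra `data-injected` attribute.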