你的写法没什么错误,你可以这样写:
echo "<script language='javascript'>
location='abc.php'
</script>";
其中的javascript你写的可能不正确,请参考document.location.href='aaa.php';
echo "<script language='javascript'>
location='abc.php'
</script>";
其中的javascript你写的可能不正确,请参考document.location.href='aaa.php';
echo "<script language='javascript'>";
echo "window.location='abc.php';";
echo "</script>";
string htmlspecialchars ( string string [, int quote_style [, string charset]])
Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with some of these conversions made; the translations made are those most useful for everyday web programming. If you require all HTML character entities to be translated, use htmlentities() instead. This function is useful in preventing user-supplied text from containing HTML up, such as in a message board or guest book application. The optional second argument, quote_style, tells the function what to do with single and double quote characters. The default mode, ENT_COMPAT, is the backwards compatible mode which only translates the double-quote character and leaves the single-quote untranslated. If ENT_QUOTES is set, both single and double quotes are translated and if ENT_NOQUOTES is set neither single nor double quotes are translated. The translations performed are:
'&' (ampersand) becomes '&' '"' (double quote) becomes '"' when ENT_NOQUOTES is not set. ''' (single quote) becomes ''' only when ENT_QUOTES is set. '<' (less than) becomes '<' '>' (greater than) becomes '>' 例子 1. htmlspecialchars() example<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
Note that this function does not translate anything beyond what is listed above. For full entity translation, see htmlentities(). Support for the optional second argument was added in PHP 3.0.17 and PHP 4.0.3.
echo " location='abc.php';";
echo "</script>";应该是没有语法错误的,谢谢!
$con=<<<CONTENT
echo "<script language='javascript'>";
echo " location='abc.php';";
echo "</script>";
CONTENT;
echo htmlspecialchars($con);
?>
htmlspecialchars()作用就是将'&' '"' ''' '<' '>' 分别转换成 '&' '"' ''' '<' '>'
echo "alert('abc.php');";
echo "</script>";
显示“abc.php”。
echo "<script language='javascript'>";
echo "location.href='abc.php';";
echo "</script>";
mysql_query('create table ....') or die(错误信息);跳转的写法
mysql_query('create table ....') or header(目标地址);$js = <<< JS
<script language='javascript'>
location='abc.php';
</script>
JS;用js跳转的写法
mysql_query('create table ....') or die($js);将js代码显示在页面上
echo htmlspecialchars($js);