1、Passing the ENT_QUOTES argument to htmlspecialchars to ensure that single quotes (') are also escaped isn’t strictly necessary in this case, but it’s a good habit to get into.
2、Pass the ENT_QUOTES flag to the htmlspecialchars function so that single quotes are also escaped. This is not the most essential point, but it is still a good habit.