1、Passing the ENT_QUOTES argument to htmlspecialchars to ensure that single quotes (') are also escaped isn’t strictly necessary in this case, but it’s a good habit to get into.
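2、Pass the ENT_QUOTES flag to the htmlspecialchars function so that single quotes are also escaped. Although this is not the most important point, it is still a good habit.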