我想做的就是将 html 注入转义到我的输入文本框中。我没有正确使用 htmlentities 吗？代码：<?php   require_once "pdo.php";   // Demand a GET parameter   if ( ! isset($_GET['name']) || strlen($_GET['name']) < 1  ) {       die('Name parameter missing');   } else {       $username = $_GET['name'];   }   // If the user requested logout go back to index.php   if ( isset($_POST['logout']) ) {       header('Location: index.php');       return;   }   $year = isset($_POST['year']) ? $_POST['year'] : '';   $mileage = isset($_POST['mileage']) ? $_POST['mileage'] : '';   $make = isset($_POST['make']) ? $_POST['make'] : '';   $failure = false;   $success = false;   if ( isset($_POST['make']) && isset($_POST['year'])         && isset($_POST['mileage'])) {       //$year = $_POST['year'];       //$mileage = $_POST['mileage'];       //$make = $_POST['make'];       if ( strlen($make) < 1){           $failure = "Make is Required";       } else {                  if (is_numeric($year) and is_numeric($mileage) ){               error_log("year is a number ".$_POST['year']);                       error_log("Mileage is a number ".$_POST['mileage']);               $sql = "INSERT INTO autos (make, year, mileage)                  VALUES (:make, :year, :mileage)";               $stmt = $pdo->prepare($sql);               $stmt->execute(array(               ':make' => $make,               ':year' => $year,               ':mileage' => $mileage));               $success = "Record Inserted";                 } else {               $failure = "Mileage and Year must be numeric";               error_log("year or mileage is not a number year=".$_POST['year']);                       error_log("Mileage or year is not a number mileage=".$_POST['mileage']);           }       }   }输出不会转义见截图：