Escaping quotes in PHP from MySQL result (PDO)
The string to be displayed comes from a MySQL table. I use PDO for the query. The string contains double quotes:
Older spelling (from French). The modernized "petty larceny" is now preferred.
This is the definition of a dictionary entry, which is displayed if available:
$search_results .= (!empty($english_definition)? "<a class=\"definition\" href=\"#\" data-toggle=\"popover\" rel=\"popover\"
data-content=\"".$english_definition."\">".$english."*</a>" : $english);
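Because of the quotes, the definition is cut off after the word "modernized".
I tried using addslashes(), but the result was that a single slash was displayed, with nothing after it.
I also tried adding slashes in the table field, e.g.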
Older spelling (from French). The modernized \"petty larceny\" is now preferred.
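Without stripslashes() in the PHP code, only the first backslash is displayed, with nothing after it.
When I add stripslashes(), nothing is displayed after "modernized".
So, this is where I'm stuck.
Additional code:
This is how I insert new terms and definitions. I have added htmlspecialchars() to the inputs that may contain quotes: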
if(isset($_POST['submit'])) {
    $english = htmlspecialchars($_POST['english']);
    $english_abbr = $_POST['english_abbr'];
    $variant = $_POST['variant'];
    $bulgarian = htmlspecialchars($_POST['bulgarian']);
    $bulgarian_abbr = $_POST['bulgarian_abbr'];
    $theme_id = $_POST['theme_id'];
    $english_definition = htmlspecialchars($_POST['english_definition']);
    $bulgarian_definition = htmlspecialchars($_POST['bulgarian_definition']);
    // Check if an entry already exists
    $exists = $db->prepare("SELECT * FROM ".DICTIONARY_TABLE." WHERE english = :english AND theme_id = :theme_id ");
    $exists->execute(array(':english' => $english, ':theme_id' => $theme_id));
    $count = $exists->rowCount();
    if($count > 0) {
        echo "<h3 style=\"color:navy; background:transparent;\">⇒ An entry in the same theme already exists.</h3>";
    }
    else {
        $insert = $db->prepare("INSERT INTO ".DICTIONARY_TABLE."
            (english, english_abbr, variant, bulgarian, bulgarian_abbr, theme_id)
            VALUES
            (:english, :english_abbr, :variant, :bulgarian, :bulgarian_abbr, :theme_id)");
        $insert->execute(array(':english' => $english,
            ':english_abbr' => $english_abbr,
            ':variant' => $variant,
            ':bulgarian' => $bulgarian,
            ':bulgarian_abbr' => $bulgarian_abbr,
            ':theme_id' => $theme_id));
        if($insert) {
            echo "<h4 style=\"color:green; background:transparent;\">⇒ Term \"$english\" inserted successfully.</h4>";
            if(!empty($english_definition) || !empty($bulgarian_definition)) {
                $insert_id = $db->lastInsertId();
                $insert_def = $db->prepare(
                    "INSERT INTO ".DICTIONARY_DEFINITIONS."
                    (term_id, english_definition, bulgarian_definition)
                    VALUES
                    (:term_id, :english_definition, :bulgarian_definition)");
                $insert_def->execute(array(
                    ':term_id' => $insert_id,
                    ':english_definition' => $english_definition,
                    ':bulgarian_definition' => $bulgarian_definition));
                if($insert_def) {
                    echo "<h4 style=\"color:green; background:transparent;\">⇒ Definition(s) inserted successfully.</h4>";
                }
                else {
                    echo "<h4 style=\"color:red; background:transparent;\">⇒ There was a problem inserting the definition(s)!</h4>";
                }
            }
            unset($_POST); $_POST = array();
        }
        else {
            echo "<h4 style=\"color:red; background:transparent;\">⇒ There was a problem executing the query: </h4>";
        }
    }
    include("insert_form.php");
}
else {
    include("insert_form.php");
}
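Use the htmlspecialchars() function when saving to the database, and the htmlspecialchars_decode() function when echoing it back.
This is a somewhat vague question. If you use PDO correctly, I don't even think you should have to deal with the slashes, but if you want to display the data without the slashes, have you tried using a string replace?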
$search_result = str_replace ("/", "", $search_result);
If I understand your question correctly, this should achieve what you want.
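The truncation described in the question is an HTML attribute-context problem, not a SQL one. The following is an added example, not code from the question or either answer: it builds the same popover link three ways and reads back the data-content value that PHP's DOM extension (libxml2) parses from each. The helper names e(), definitionLink() and parsedDataContent() and the term "petit larceny" are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Encode a raw value for an HTML text node or a quoted attribute value.
function e(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The popover link from the question; $encode is a hypothetical callback
// that prepares the definition for the data-content attribute.
function definitionLink(string $english, string $definition, callable $encode): string
{
    return '<a class="definition" href="#" data-toggle="popover" rel="popover" data-content="'
        . $encode($definition) . '">' . e($english) . '*</a>';
}

// Parse the markup with ext-dom (libxml2) and return the attribute value it sees.
function parsedDataContent(string $html): ?string
{
    $previous = libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $link = $doc->getElementsByTagName('a')->item(0);
    return $link instanceof DOMElement ? $link->getAttribute('data-content') : null;
}

// Constructed sample: the definition stored raw, exactly as the user typed it.
$definition = 'Older spelling (from French). The modernized "petty larceny" is now preferred.';

$variants = [
    'raw concatenation'            => fn(string $s): string => $s, // as in the question
    'addslashes()'                 => 'addslashes', // HTML has no backslash escape
    'htmlspecialchars() on output' => 'e',          // quotes become &quot;
];

foreach ($variants as $label => $encode) {
    $html = definitionLink('petit larceny', $definition, $encode); // constructed term
    printf("%s\n  markup: %s\n  parsed: %s\n\n", $label, $html,
        var_export(parsedDataContent($html), true));
}
```

This assumes the raw text is stored in the table (the prepared statements already handle SQL quoting) and encoded once at output; values that were already passed through htmlspecialchars() at insert time, as in the question's insert code, would be double-encoded by e().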