PHP - str_replace();
[英]PHP - str_replace();
问题描述
I'm entering news on my website through a form. 
我通过表格在我的网站上输入新闻。 While adding news or editing it, \\r or \\n get replaced with a br. 在添加新闻或编辑新闻时,\\ r或\\ n将替换为br。
Now I still have an issue, when I write for example "I've" it will print out as I\\'ve. 现在我还有一个问题,当我写“我已经”时,它会像我一样打印出来。
First question, is this caused due to mysql_real_escape_string(); 第一个问题,这是由于mysql_real_escape_string()引起的; ? ? Second question, how can I replace multiple matches with diffirent tags ? 第二个问题,我如何用diffirent标签替换多个匹配?
Right now I have something like this: 现在我有这样的事情:
$order = array("'", "\'");
$replace = "´";
$order = array("\r\n", "\n", "\r");
$replace = "<br />";
$string = $news;
$insert = str_replace($order, $replace, $string);
I'm almost sure this is not the correct way to do it because they are all assigned to the same variables,.. Could someone point me in the right direction please ? 我几乎可以肯定这不是正确的方法,因为它们都分配给相同的变量,..有人能指出我正确的方向吗?
Edit: Although this works, am I 'allowed' to code it like this ? 编辑:虽然这有效,但我允许'像这样编码吗?
Edit: Thank you all for your answers, problem is fixed now ! 编辑:谢谢大家的回答,现在问题解决了! :) :)
5 个解决方案
解决方案1
2 2013-05-02 12:52:06
Yes, this is not the right way to do it. 是的,这不是正确的方法。
You should start by ensuring that you are using a consistent character set in your html and in your database. 首先应确保在html和数据库中使用一致的字符集。 Next, remember the magic rule: Never sanitize input, always sanitize output. 接下来,请记住神奇的规则:永远不要清理输入,始终清理输出。
ie the only change to the data you put into the database should be mysql_real_escape_string() (or use bound parameters). 即,您放入数据库的数据的唯一更改应该是mysql_real_escape_string()(或使用绑定参数)。 For output to the browser, use htmlentities() - do NOT attempt to write your own versions of these. 要输出到浏览器,请使用htmlentities() - 不要尝试编写自己的版本。 DO NOT use stripslahses unless there is no appropriate method of escaping the content corectly. 除非没有合适的方法来逃避内容,否则不要使用striplahses。
Also, make sure that addslashes is disabled everywhere in PHP. 此外,请确保在PHP中的任何位置都禁用了addslashes。
解决方案2
0 2013-05-02 12:50:32
You can use arrays as input for str_replace(): 您可以使用数组作为str_replace()的输入:
$order = array("'", "\'","\r\n", "\n", "\r");
$replace = array("´","´","<br />","<br />","<br />");
$string = $news;
$insert = str_replace($order, $replace, $string);
And yes, the escaped \\' are likely from your database code. 是的,转发的可能来自您的数据库代码。 Use stripslashes() to remove them. 使用stripslashes()删除它们。
解决方案3
0 2013-05-02 12:51:29
You can simple use the function stripslashes . 您可以简单地使用函数stripslashes 。
stripslashes($string);
Have a look into the official documentation 查看官方文档
<?php
$str = "Is your name O\'reilly?";
// Outputs: Is your name O'reilly?
echo stripslashes($str);
?>
解决方案4
0
Use the function html_entity_decode to decode the html part in special character at the time of inserting the data in database. 在数据库中插入数据时,使用函数html_entity_decode解码特殊字符的html部分。
And when you are echoing that use the function htmlspecialchars . 当你回应时,使用函数htmlspecialchars 。 This is opposite of above function and you will not face any issue. 这与上述功能相反,您不会遇到任何问题。
解决方案5
0 2013-05-02 12:55:56
I'm entering news on my website through a form.
The code you posted will work (the last part at least). 您发布的代码将起作用(至少是最后一部分)。 However PHP has a function specifically for this purpose - nl2br() 但是,PHP具有专门用于此目的的功能 - nl2br()
Now I still have an issue, when I write for example "I've" it will print out as I\\'ve.
This is due to a deprecated PHP configuration setting called magic quotes , which automatically escapes GET or POST data. 这是因为弃用的PHP配置设置称为魔术引号 ,它会自动转义GET或POST数据。 If you are already escaping the variables using mysql_real_escape_string, you can probably safely disable magic quotes. 如果您已经使用mysql_real_escape_string转义变量,则可以安全地禁用魔术引号。 You should never have to call stripslashes() on data you've pulled out of the database. 您永远不必对从数据库中提取的数据调用stripslashes()。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.