[英]php echoing dynamic variable containing quotes
I have a variable $dcomment and need to do the following: 我有一个$ dcomment变量,需要执行以下操作:
echo '<div class="commentBox">' .
'<span class="byText">[BY]</span> ' .
'<span class="commenterName"><a href=" '.$webLink.' ">'.$dname.'</a></span>' .
' [DATE] ' . $dt . '</span>' . '<br>' .
'[COMMENT] ' . $dcomment .
$linkdel . '<br />' .
'</div>';
The variables may contain quotes within them, like 变量中可能包含引号,例如
$dcomment = "Stackoverflow's great"; // containing single quote in it ... etc
is there any built-in php function to solve this or how can I do that? 有没有内置的php函数来解决这个问题,或者我该怎么做?
I think you are looking for htmlentities($str)
(click for manual page) 我认为您正在寻找
htmlentities($str)
(单击手册页)
It will replace all applicable characters to HTML entities, so you don't have to fear getting "
, <
and similar characters in your mark-up and attribute fields. 它将替换所有适用于HTML实体的字符,因此您不必担心在标记和属性字段中会出现
"
, <
和类似字符。
If you want to also escape single quotes '
, use 如果您还想转义单引号
'
,请使用
htmlentities($str, ENT_QUOTES)
(as described in the documentation) (如文档中所述)
You could replace all quotes with their HTML entity. 您可以将所有引号替换为其HTML实体。
htmlentities
or str_replace
htmlentities
或str_replace
htmlentities
: http://php.net/manual/en/function.htmlentities.php htmlentities
: http : //php.net/manual/zh/function.htmlentities.php
str_replace
: http://php.net/manual/en/function.str-replace.php str_replace
: http : //php.net/manual/zh/function.str-replace.php
Note : You need to use ENT_QUOTES
for htmlentities
. 注意 :您需要将
ENT_QUOTES
用于htmlentities
。
htmlentities($dcomment, ENT_QOUTES)
To escape strings for use in HTML context, PHP provides the htmlspecialchars
function. 为了转义在HTML上下文中使用的字符串,PHP提供了
htmlspecialchars
函数。 It will replace "
, '
, &
, <
, and >
with their respective HTML entities. 它将用各自的HTML实体替换
"
, '
, &
, <
和>
。
If you need to escape strings for use as an URL, there's the urlencode
and rawurlencode
functions. 如果您需要转义字符串以用作URL,则可以使用
urlencode
和rawurlencode
函数。
Sometimes it's necessary to combine both, ie html-escape an urlencoded string. 有时有必要将两者结合起来,即html-转义urlencoded字符串。
Ok I did this and worked: [I have voted up everyone who helped me here, thank you all] 好的,我这样做了,并工作了:[我投票赞成在这里帮助过我的每个人,谢谢大家]
$name= mysql_real_escape_string($_POST['name']);
$emailAddress = mysql_real_escape_string($_POST['emailAddress']);
$webAddress = mysql_real_escape_string($_POST['webAddress']);
$comment=mysql_real_escape_string($_POST['comment']);
$submit=mysql_real_escape_string($_POST['submit']);
Thanks to @MightyPork :-) 感谢@MightyPork :-)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.