[英]How to properly save string with quotation marks to database for further displaying?
I want save some form data on database. 我想在数据库上保存一些表单数据。 The form: 表格:
echo '<form action="post" method="'.$_SERVER['PHP_SELF'].'">
<input type="text" name="first_name" value="htmlspecialchars($_POST['first_name']).' />
<input type="text" name="last_name" value="htmlspecialchars($_POST['last_name']).' />
<input type="submit" name="submit" />
</form>';
If some input is empty it do refresh to same page and show error at top that say to fill the inputs. 如果某些输入为空,则会刷新到同一页面,并在顶部显示错误,以说填满了输入。
The problem is when I fill only one input to value aaa"aaa and the another save empty, than I submit. Than I get error that say to fill the another input and the filled value change from aaa"aaa to aaa"aaa. 问题是,当我仅填充一个输入以值aaa” aaa,而另一输入保存为空时,则比我提交的多。然后我得到了错误,说要填充另一输入并且填充值从aaa” aaa变为aaa” aaa。
Because of that when I save the data on database some of the data is escaped and some data is not. 因此,当我将数据保存到数据库中时,某些数据会被转义,而某些数据则不会。
I thought to use htmlspecialchars_decode but if I will type aaa"aaa it will convert it to aaa"aaa when i want save it as it is (aaa"aaa). 我以为使用htmlspecialchars_decode,但是如果我要键入aaa”“ aaa”,则当我希望将其原样保存时将其转换为“ aaa”“ aaa”(aaa” aaa)。
What I can do? 我可以做什么?
Thank you! 谢谢!
好吧,我建议您使用Javascript验证来检查每个字段,然后如果一切正常,则将其保存在数据库中。
If you need to do verification of user data, certainly you need to do it on front-end (javascript) and in back-end (for security reasons). 如果您需要验证用户数据,则肯定需要在前端(javascript)和后端(出于安全原因)进行验证。
Anyway, first of all I see mistakes in your php code. 无论如何,首先我在您的php代码中看到错误。 There is no some proper concatenation symbols and quotation marks. 没有适当的串联符号和引号。 Correct piece of code should be: 正确的代码段应为:
echo '<form action="post" method="'.$_SERVER['PHP_SELF'].'">
<input type="text" name="first_name" value="'.htmlspecialchars($_POST['first_name']).'" />
<input type="text" name="last_name" value="'.htmlspecialchars($_POST['last_name']).'" />
<input type="submit" name="submit" />
</form>';
If you really want to display quotaion marks, which were been inserted by your users, as variant you can use html_entity_decode($your_variable_here);
如果您确实要显示由用户插入的配额标记,则可以使用html_entity_decode($your_variable_here);
$orig = "I'll \"walk\" the <b>dog</b> now";
$a = htmlspecialchars($orig);
$b = html_entity_decode($a);
echo $a; // I'll "walk" the <b>dog</b> now
echo $b; // I'll "walk" the <b>dog</b> now
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.