PHP中的字符串操作以直接处理或存储在表中
[英]string manipulation in php to process directly or store in table
问题描述
I frequently need to access the user text like post, tweet, articles etc. 
我经常需要访问用户文本,例如帖子,推文,文章等。
These contains ' or \\ and I get trouble. 这些包含'或\\ ,我遇到麻烦了。
Even using the 即使使用
mysqli_real_escape_String also does not help stripslashes($str) also does not help mysqli_real_escape_String也mysqli_real_escape_String stripslashes($str)也无济于事
which are the function most suitable for this? 哪个功能最适合?
This is one of the case: 这是一种情况:
$tweet = 'Best way to en'd a nights of debauchery around here. The hot dogs here are beyond great the TOKYO DOG is probably my favorite one...that taste of teriya\ki...';
If I use this using above both methods , it even get stuck without any error. 如果我在以上两种方法中都使用了它,它甚至会卡住而没有任何错误。
4 个解决方案
解决方案1
1 已采纳 2014-04-14 18:59:55
I would try using the htmlspecialchars function around the tweet. 我会尝试在推文周围使用htmlspecialchars函数。 It will convert the symbols and special characters into their HTML entities. 它将符号和特殊字符转换为其HTML实体。
$tweet = htmlspecialchars($tweet);
解决方案2
1 2014-04-14 19:02:50
<?php
$tweet = "Best way to en'd a nights of debauchery around here. The hot dogs here are beyond great the TOKYO DOG is probably my favorite one...that taste of teriya\ki...";
echo $tweet;
?>
output is: 输出为:
Best way to en'd a nights of debauchery around here. 在这里度过放荡夜晚的最佳方法。 The hot dogs here are beyond great the TOKYO DOG is probably my favorite one...that taste of teriya\\ki... 这里的热狗很棒,东京狗可能是我最喜欢的狗了。。。
解决方案3
1 2014-04-15 07:42:34
A function to make strings in general safe doesn't exist. 不存在使字符串总体上安全的函数。 Strings containing special characters aren't inherently unsafe or tricky. 包含特殊字符的字符串并不是天生就不安全也不容易。 The unsafe and tricky comes from giving them to another interpreter (eg MYSQL or a Browser) in their raw form. 不安全和棘手的问题来自以原始格式将它们提供给另一个解释器(例如MYSQL或浏览器)。 Now, how to escape the strings depends entirely on your interpreter. 现在,如何转义字符串完全取决于您的解释器。 In case of MYSQL you can use PDO, but it your interpreter is different you have to use a different escaping construct. 如果使用MYSQL,则可以使用PDO,但是您的解释器有所不同,您必须使用其他转义结构。
You should also not think about it as changing the string, you should think about it as formatting the string in a way so that it will have the same meaning in the new context you are using it. 您也不应将其视为更改字符串,而应将其视为以某种方式格式化字符串,以便在您使用它的新上下文中它具有相同的含义。
As an example, if something needs to be first put in a database and then displayed in the browser you should escape it once just before you put it in the database according to the database rules. 例如,如果需要先将某些内容放入数据库中然后在浏览器中显示,则应在根据数据库规则将其放入数据库中之前对它进行一次转义。 Then when you fetch it from the db to display in a browser you should escape it again according to the rules for how html is interpreted. 然后,当您从数据库获取它以在浏览器中显示时,您应该根据html解释的规则再次对其进行转义。
To give specific advice regarding your situation we need a bit more info about where your data corruption or errors occur. 要针对您的情况提供具体建议,我们需要有关您的数据损坏或错误发生位置的更多信息。
解决方案4
0 2014-04-14 18:56:42
Edit: never mind, the htmlspecialcharacters answer is correct for escaping. 编辑:没关系,htmlspecialcharacters答案是正确的转义。 My assumption below was wrong. 我的以下假设是错误的。
I'm assuming you need to get rid of those from the string. 我假设您需要摆脱字符串中的那些。
preg_replace is your best bet, if you know you'll only get ' or \\ in the string. 如果您知道只会在字符串中获得'或\\,则preg_replace是最好的选择。
$tweet = preg_replace("/\'\\\\/","",$string);
Try this question if you have trouble. 如果遇到问题,请尝试此问题 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.