安全地接受和显示特殊字符
[英]Accepting and display special characters safely
问题描述
I know this has been said before, and most likely a duplicate, but I'm having trouble consolidating all the information I'm finding. 
我知道这已经说过了,很可能是重复的,但是我在合并所有发现的信息时遇到了麻烦。
I have input boxes that store information. 我有用于存储信息的输入框。 I'd like to allow the user to type in anything they want, and display it. 我想允许用户键入他们想要的任何内容并显示它。 However, if it happens to be something like <?php die(); ?> 但是,如果碰巧是<?php die(); ?> <?php die(); ?> , I obviously don't want it to execute. <?php die(); ?> ,我显然不希望它执行。
I know there are things like htmlspecialchars() , however, if a user types something like <b> it will display <b> 我知道有些东西像htmlspecialchars() ,但是,如果用户键入<b>之类的东西,它将显示<b> instead. 代替。
Is there a way around this? 有没有解决的办法?
1 个解决方案
解决方案1
0 2015-02-22 23:29:43
<?php
$string = '<?php echo "aaa;"?><b>sss</b>';
print "before: ". htmlspecialchars($string). "<br>";
print "after: ". cleanInput($string);
function cleanInput($input) {
$output = strip_tags($input, '<p><a><b><div>');
return htmlspecialchars($output);
}
where <p><a><b><div> are the allowable tags. 其中<p><a><b><div>是允许的标签。 this is good so, you can only set which tags you want to allow. 这样很好,所以您只能设置要允许的标签。 This will also strip <script> and other tags 这也会去除<script>和其他标签
Read: http://php.net/strip_tags 阅读: http : //php.net/strip_tags
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.