哪个函数用htmlspecialchars()代替了数组?
[英]Which Function Substitutes htmlspecialchars() For Arrays?
问题描述
Q.) Which Function Substitutes htmlspecialchars() For Arrays? 
问htmlspecialchars()哪个函数用htmlspecialchars()代替了数组?
I'm working on a small app for adding tables to a db, printing them via html and allowing for these tables to be deleted via a hidden form button. 我正在开发一个小型应用程序,用于将表添加到db,通过html打印它们,并允许通过隐藏的表单按钮删除这些表。
I only receive error for ?addjoke . 我只收到?addjoke错误。
Error is on line #19 of HTML File.
I also attached PHP Controller below HTML code block for reference.
$jokesarray lies below "// ***** Display DB ***** //."$jokes数组位于“ // ***** Display DB ***** //”下面。
I just changed selecting just one table to two tables and I had to change my mysqli_fetch_array code from just calling the joketext table (for just printing the rows) to joketext AND id ( id for deleting joketext - the functionality that caused this problem to arise.) 我只是改变了只选择一个表两张表,我不得不改变我的mysqli_fetch_array从刚刚调用代码joketext表(只是打印行)到joketext和id ( id删除joketext -这导致出现这个问题的功能。 )
So this code: 所以这段代码:
while ($row = mysqli_fetch_array($result))
{
$jokes[] = array('id' => $row['id'], 'text' => $row['joketext']); // Changed from just $row['joketext'] to now both tables.
}
has forced me to change: 迫使我改变:
<p><li><?php echo htmlspecialchars($joke, ENT_QUOTES, 'UTF-8'); ?> -
to: 至:
<p><li><?php echo htmlspecialchars($joke['text'], ENT_QUOTES, 'UTF-8'); ?> -
Which I understand is in fact an array because there's no other way to call both without it right? 我知道实际上是一个数组,因为没有其他方法可以同时调用这两个数组? I'm a newbie so I don't understand why htmlspecialchars() can only be used with strings...what am I missing? 我是新手,所以我不明白为什么htmlspecialchars()仅可与字符串一起使用...我缺少什么?
HTML File HTML文件
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>List of Jokes</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Slabo+27px">
</head>
<body>
<div id="mainContainer">
<div id="contentContainer">
<div class="headerItem">Here are all the jokes in the database:</div>
<div id="addJoke">+ <a href="?addjoke">Add Joke</a></div>
<ol>
<?php foreach ($jokes as $joke): ?>
// ***** LINE***** 19 //
<form action="?deletejoke" method="post">
// ***** LINE***** 19 //
<p><li><?php echo htmlspecialchars($joke['text'], ENT_QUOTES, 'UTF-8'); ?> -
<input type="hidden" name="id" value="<?php echo $joke['id']; ?>">
<input type="submit" value="Delete"></li></p>
</form>
<?php endforeach; ?>
</ol>
</div>
<div id="footer">
<p><a href="/php/day%207%20code/before/addjoke/">IDJB Home</a> - <a href="?addjoke">Add Joke to IDJB</a> - <a href="#">Sitemap</a></p>
<p>© <?php echo date("Y") ?> Internet Joke Database</p>
</div>
</div>
</body>
</html>
PHP Controller File PHP控制器文件
<?php
// ***** MagicQuoteFix ***** //
if (get_magic_quotes_gpc())
{
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
// ***** Begin Connection Info ***** //
$connection = mysqli_connect('localhost', 'ijdbuser', 'ijdbpw');
if (!$connection)
{
$error = 'Unable to connect to the database server.';
include 'error.html.php';
exit();
}
if (!mysqli_set_charset($connection, 'utf8'))
{
$output = 'Unable to set database connection encoding.';
include 'output.html.php';
exit();
}
if (!mysqli_select_db($connection, 'ijdb'))
{
$error = 'Unable to locate the joke database.';
include 'error.html.php';
exit();
}
// ***** Display DB ***** //
$result = mysqli_query($connection, 'SELECT id, joketext FROM joke');
if (!$result)
{
$error = 'Error fetching jokes: ' . mysqli_error($connection);
include 'error.html.php';
exit();
}
while ($row = mysqli_fetch_array($result))
{
$jokes[] = array('id' => $row['id'], 'text' => $row['joketext']);
}
if (isset($_GET['addjoke'])) {}
else
{
include 'jokes.html.php';
}
//
// ***** Begin Add/Remove DB Options ***** //
if (isset($_GET['addjoke']))
{
include 'form.html.php';
exit();
}
if (isset($_GET['deletejoke']))
{
$id = mysqli_real_escape_string($connection, $_POST['id']);
$sql = "DELETE FROM joke WHERE id='$id'";
if (!mysqli_query($connection, $sql))
{
$error = 'Error deleting joke: ' . mysqli_error($connection);
include 'error.html.php';
exit();
}
//header('Location: .');
exit();
}
if (isset($_POST['joketext']))
{
$joketext = mysqli_real_escape_string($connection, $_POST['joketext']);
$sql = 'INSERT INTO joke SET
joketext="' . $_POST['joketext'] . '",
jokedate=CURDATE()';
if (!mysqli_query($connection, $sql))
{
$error = 'Error adding submitted joke: ' . mysqli_error($connection);
include 'error.html.php';
exit();
}
header('Location: .');
exit();
}
?>
I realize some of my code is old or depreciated.
Thanks for helping me learn. 感谢您帮助我学习。
1 个解决方案
解决方案1
0 2015-05-17 16:08:48
I'm a newbie so I don't understand why htmlspecialchars() can only be used with strings...what am I missing?
You have to iterate through the array and escape the strings in it: 您必须遍历数组并转义其中的字符串:
foreach($arr as &$v)
$v = htmlspecialchars($v);
Now you have each value in the array escaped. 现在,您已对数组中的每个值进行了转义。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.