与号作为 & 发送而不是 & 尝试更新 MySQL 数据库时
[英]Ampersand being sent as & rather than & when attempting to update MySQL database
问题描述
I am currently building an "admin" section where the information shown on the main site can be added to, updated and deleted using this one page.
我目前正在构建一个“管理”部分,可以使用此页面将主站点上显示的信息添加到、更新和删除。
All of my scripts function as intended, information is added to the database, rows are updated and deleted with no errors in 99.9% of cases.我的所有脚本都按预期运行,信息被添加到数据库中,行被更新和删除,在 99.9% 的情况下没有错误。
The database is set up with 3 columns TITLE, DESCRIPTION and Image and when updating any of the rows I use the value in TITLE as my reference for WHERE statements.数据库设置了 3 列 TITLE、DESCRIPTION 和 Image,在更新任何行时,我使用 TITLE 中的值作为 WHERE 语句的参考。
However, any title containing an '&' symbol are downloaded fine and insert into my HTML as intended, however when being sent to my update script they are sent as &.但是,任何包含“&”符号的标题都可以正常下载并按预期插入到我的 HTML 中,但是当发送到我的更新脚本时,它们会作为 & 发送。 This then doesn't register correctly with the update script and then it fails to update.这然后不会使用更新脚本正确注册,然后它无法更新。 I know '&' is converted to '&' when escaped but cannot understand why there is a second 'amp;'我知道 '&' 在转义时会转换为 '&' 但不明白为什么还有第二个 'amp;' being sent?被发送?
Can anyone shed some light on this / point me to appropriate documentation to solve this issue?任何人都可以对此有所了解/向我指出解决此问题的适当文档吗?
Javscript Function(dbtable and titler are variables that decide the table to insert into ) Javscript 函数(dbtable 和 titler 是决定要插入的表的变量)
function updating(indexno) {
var current = document.getElementById('title'+indexno).innerHTML;
var newtitle = document.getElementById('titlelink'+indexno).value;
var newdesc = document.getElementById('desclink'+indexno).value;
var newimage = document.getElementById('imagelink'+indexno).value;
if(newtitle == ""){
newtitle = document.getElementById('title'+indexno).innerHTML;
};
if(newdesc == ""){
newdesc = document.getElementById('description'+indexno).innerHTML;
};
if(newimage == ""){
newimage = document.getElementById('image'+indexno).innerHTML;
}
var request = "updatingdb.php?newtitle="+escape(newtitle)+"&newdesc="+escape(newdesc)+"&newimage="+escape(newimage)+"¤ttitle="+escape(current)+"&thetable="+escape(dbtable);
var xhr = new XMLHttpRequest();
xhr.open("GET", request);
xhr.onreadystatechange = function () {
if (xhr.readyState == 4 && xhr.status == 200) {
console.log(xhr.responseText);
}
};
xhr.send(null);
thetester(dbtable,titler);
}
PHP Script PHP脚本
$thetable = htmlentities($_GET['thetable']);
$currenttitle = htmlentities($_GET['currenttitle']);
$newtitle = htmlentities($_GET['newtitle']);
$newdesc = htmlentities($_GET['newdesc']);
$newimage = htmlentities($_GET['newimage']);
$db = mysqli_connect($servername, $user, $password);
if (!$db)
{
echo"NO CONNECTION AVAILABLE";
exit();
}
mysqli_select_db ($db, "testing");
$query ="UPDATE `$thetable` SET `TITLE`= '$newtitle', `DESCRIPTION` ='$newdesc', `IMAGE` = '$newimage' WHERE `TITLE` = '$currenttitle'";
echo$query;
$results = mysqli_query($db, $query);
if(!$results)
{
echo"not working";
exit();
}
echo"updated";
1 个解决方案
解决方案1
0 2019-04-12 11:09:35
This happens because you use htmlentities() , which will just see the & character and therefore makes an entity out of it.发生这种情况是因为您使用了htmlentities() ,它只会看到&字符,因此会从中生成一个实体。 You could either remove htmlentities from the desired input field or do something like this:您可以从所需的输入字段中删除htmlentities或执行以下操作:
$value = str_replace('&', '&', htmlentities($value));
or (better imo)或(更好的imo)
$value = htmlentities(html_entity_decode($value));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.