htmlentities()无法以php形式工作
[英]htmlentities() is not working in php form
问题描述
htmlentities is not wroking, it should escape quotes but is does not. 
htmlentities并没有崩溃,它应该转义引号,但事实并非如此。
<?php
session_start();
session_regenerate_id( true );
if(isset($_REQUEST['sub'])){
echo $name = htmlspecialchars($_REQUEST['email'] );
echo $pswd = $_REQUEST['pswd'];
echo $abc = htmlentities($pswd ,ENT_QUOTES, "UTF-8");
//echo $pswd = htmlentities("hello" ,ENT_QUOTES);
}
?>
<html lang="en">
<head>
<title>Bootstrap Example</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<h2>Login form</h2>
<form action="" method="POST">
<div class="form-group">
<label for="email">Email:</label>
<input type="email" class="form-control" id="email" placeholder="Enter email" name="email" required>
</div>
<div class="form-group">
<label for="pwd">Password:</label>
<input type="password" class="form-control" id="pwd" placeholder="Enter password" name="pswd" required>
</div>
<button type="submit" class="btn btn-primary" name="sub">Submit</button>
</form>
</div>
</body>
</html>
You can see 1 line is comment, If I pass a value with quotes in htmlentites(), It outputs the value without quotes, But If I am passing a value from my form, suppose I passed "hello". 您可以看到1行是注释,如果我在htmlentites()中传递带引号的值,则输出不带引号的值,但是如果我从表单传递值,则假设我传递了“ hello”。 " " are included. “ “ 被包含在内。 And store this value in php variable and then pass this variable in htmlentites(). 并将此值存储在php变量中,然后在htmlentites()中传递此变量。 It shows output in "", But it should ignore quotes. 它以“”显示输出,但应忽略引号。
1 个解决方案
解决方案1
0 2019-05-21 07:13:12
There is difference in how you are using the both htmlentities function. 两种htmlentities函数的使用方式有所不同。 If you want to imitate how the first one will work, the one that is commented out should look like this: 如果您想模仿第一个的工作方式,则被注释掉的应该看起来像这样:
htmlentities('"hello"' ,ENT_QUOTES);
In your example in the commented out function call, the quotes serve as part of the function, you are passing a parameter like that, so they never even get to be parsed by the function. 在注释掉的函数调用的示例中,引号用作函数的一部分,您传递了这样的参数,因此它们甚至都不会被函数解析。
The purpose of the htmlentities is not to strip away characters, but to escape them, so you will never see a sign missing. htmlentities的目的不是剥离字符,而是将字符转义,因此您将永远不会看到缺少符号的情况。 The use of html entities is for example to print a string in the html like <p> . 例如,使用html实体可以在html中打印<p>类的字符串。 If not passed through htmlentities it will render a html p tag, if passed through htmlentities like htmlentities('<p>') it will print exaclty that string. 如果不通过htmlentities传递,它将呈现一个html p标签,如果通过htmlentities('<p>')之类的htmlentities('<p>')传递,它将显示该字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.