如何转义要插入mysql的HTML代码
[英]How to escape html code to insert in mysql
问题描述
I am using tinymce editor to have html page and then insert it in mysql. 
我正在使用tinymce编辑器来获取html页面,然后将其插入mysql中。 I tried this: 我尝试了这个:
$esdata = mysql_real_escape_string($data);
it is working for all html except images. 它适用于除图像外的所有html。 If I have hyperlink like: 如果我有超链接,例如:
http://www.abc.com/pic.jpg
then it makes it somewhat very obscure and the image doesn't appear. 那么它会变得有些晦涩,并且不会出现图像。
INPUT <img src="../images/size-chart.jpg" alt="Beer" /> 输入<img src="../images/size-chart.jpg" alt="Beer" />
OUPUT <img src="\\""images/size-chart.jpg\\\\"\\"" alt="\\"Beer" /> OUPUT <img src="\\""images/size-chart.jpg\\\\"\\"" alt="\\"Beer" /> <img src="\\""images/size-chart.jpg\\\\"\\"" alt="\\"Beer" />
3 个解决方案
解决方案1
3 已采纳 2011-05-18 13:26:36
Try to use urlencode and urldecode to escape the string. 尝试使用urlencode和urldecode来转义字符串。 As Christian said it is not used for the sake of DB but to keep the things as it is. 正如克里斯蒂安所说,它不是为了DB而是为了保持原样。 So you can also use urlencode and urldecode . 因此,您还可以使用urlencode和urldecode 。
For Ex: 例如:
//to encode
$output = urlencode($input);
//to decode
$input = urldecode($output);
解决方案2
2 2011-05-18 12:05:53
You shouldn't over-escape code before you send it to DB. 在将代码发送到数据库之前,您不应过度转义代码。
When you escape it, it's done in a way that it is stored in the DB as it was originally. 当您对其进行转义时,它的完成方式是将其原始存储在数据库中。 Escaping is not done for the sake of the DB, but for the sake of keeping the data as it was without allowing users to inject bad stuff in your sql statements (prior to sending the stuff in the DB). 转义不是为了DB而进行的,而是为了保持数据原样而不让用户在sql语句中注入不良内容(在将这些内容发送到DB中之前)。
解决方案3
0 2011-05-18 13:44:46
您应该使用用htmlspecialchars函数来编码字符串, htmlspecialchars_decode显示的字符串返回HTML
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.