[英]how to accept less than sign in a php function
I'm having a problem inserting a less than sign "<"
followed by another character let's say "<p"
or something like "<---me"
. 我在插入小于号"<"
后跟另一个字符,例如"<p"
或类似"<---me"
。 Im passing thru this function: 我通过此功能传递:
function checkValues($value)
{
$value = trim($value);
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
$value = strtr($value,array_flip(get_html_translation_table(HTML_ENTITIES)));
$value = strip_tags($value); //this line doesnt accept lessthan
$value = mysql_real_escape_string($value);
$value = htmlspecialchars ($value);
return $value;
}
I know if I remove the strip_tags() lessthan sign will be accepted, but is it safe to save it to the database right after passing thru my function? 我知道是否删除了strip_tags()小于号将被接受,但是通过函数后将其立即保存到数据库中是否安全? Or is there a way to let the lessthan sign pass through this function without any problem on saving to database? 或者有没有办法让小于号通过此功能,而在保存到数据库时没有任何问题?
You shouldn't save sanitized user data to database ( htmlspecialchars()
). 您不应该将经过清理的用户数据保存到数据库( htmlspecialchars()
)。 You should sanitize it before outputing, to prevent problems. 您应在输出之前对其进行消毒,以防止出现问题。
Actually, there's nothing wrong with putting <
sign into database. 实际上,将<
符号放入数据库中没有任何问题。 Just be sure to use right sanitization in the right context (don' use htmlspecialchars()
after mysql_real_escape_string()
) 只需确保在正确的上下文中使用正确的消毒(不要在mysql_real_escape_string()
之后使用htmlspecialchars()
mysql_real_escape_string()
)
your function has a lot of mistakes, look at this example: 您的函数有很多错误,请看以下示例:
This value would be created in your function 该值将在您的函数中创建
\"
This value should be created in your function 此值应在您的函数中创建
\"
which is really wrong 真的错了
So what should your function(s) look like? 那么您的函数应该是什么样的呢?
function checkValues($value)
{
$value = trim($value);
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
$value = mysql_real_escape_string($value);
return $value;
}
// just before outputing
function beforeOutput($value) {
return htmlspecialchars($value);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.