PHP如何防止PHP转义html fopen fwrite
[英]PHP how to prevent PHP from escaping html fopen fwrite
问题描述
I am trying to make an app that will allow me to more easly create HTML documents. 
我正在尝试开发一个使我能够更轻松地创建HTML文档的应用程序。
It mostly works except that when I write to the file it adds backslashes. 除了我在写入文件时添加反斜杠外,它几乎可以正常工作。
<a href=\"google.com\">google</a>
Any idea how to stop it from doing this? 知道如何阻止它执行此操作吗?
I got it to work! 我懂了! if i stripslashes() before I write it to the file it will save/create the file with out the \\ Thank you for all of your help! 如果我在将其写入文件之前将stripslashes()写入文件,它将在没有\\的情况下保存/创建文件。感谢您的所有帮助!
4 个解决方案
解决方案1
2 2012-06-19 19:31:44
It is probably because the magic quotes are on, if you don't want to use the stripslashes every time, you should disable them either in your php.ini file or with an htaccess file like such: 可能是因为魔术引号已打开,如果您不想每次都使用反斜杠,则应在php.ini文件或htaccess文件中将其禁用,例如:
In php.ini file: 在php.ini文件中:
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
OR in .htaccess file: 或在.htaccess文件中:
php_flag magic_quotes_gpc Off
OR disable them directly in your code: 或直接在您的代码中禁用它们:
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
source: http://php.net/manual/en/security.magicquotes.disabling.php 来源: http : //php.net/manual/en/security.magicquotes.disabling.php
解决方案2
1 2012-06-19 19:29:06
If you are using a single-quoted string, you shouldn't use escape double-quotes with backslashes, as they are interpreted literally. 如果使用单引号字符串,则不应使用带反斜杠的转义双引号,因为它们是按字面解释的。
Note: Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.
解决方案3
1 2012-06-19 19:37:04
this behaviour is caused by PHP's deprecated Magic Quotes directive, yours is still activated, as it is by default in any default PHP install prior to 5.4. 此行为是由PHP弃用的Magic Quotes指令引起的,您的仍被激活,因为在5.4之前的任何默认PHP安装中默认情况下都是如此。 Unless you specify a length argument, fwrite will look at magic-quotes-runtime to see wether it'll escape or not. 除非您指定长度参数,否则fwrite将查看magic-quotes-runtime以查看它是否转义。
to turn it off you could place 将其关闭,您可以放置
php_flag magic_quotes_gpc Off
in a .htaccess file, you'll need to use apache DSO to allow for this option 在.htaccess文件中,您需要使用apache DSO允许此选项
or you can disable it in php.ini 或者您可以在php.ini中禁用它
if you can't do either of these things because you're on a shared host or for another reason, then solve it in code. 如果由于共享主机或其他原因而无法执行上述任何一项操作,请使用代码解决。
function write($resource,$string,$length)
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
return fwrite($resource, $string,$length);
}
解决方案4
0 2014-12-16 15:03:52
I had a similar problem but with a $_POST['body'] variable. 我有一个类似的问题,但是有一个$ _POST ['body']变量。 This works for me: 这对我有用:
str_replace("\\", "", $_POST['body']);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.