简体繁体 English

如果有javascript代码，请验证php变量

[英]Verify a php variable if there is a javascript code

原文 2012-07-24 12:31:30 7 2 php/ javascript

I have some variables in PHP (strings) and I vould like to check if inside of those strings I have some javascript code. 我在PHP（字符串）中有一些变量，我想检查一下这些字符串里面是否有一些javascript代码。 If so, I would like to make this code inactive and be displayed as string on the website, not to be executed as javascript code. 如果是这样，我想使此代码处于非活动状态并在网站上显示为字符串，而不是作为javascript代码执行。

This will be a kind of security method. 这将是一种安全方法。

Is there a method to do it in php? 有没有办法在PHP中做到这一点？ If you could give me an example, it's even better. 如果你能给我一个例子，那就更好了。

Thank you very much for your help. 非常感谢您的帮助。

2 个解决方案

You should be using htmlspecialchars() for any content you output into HTML. 对于输出到HTML的任何内容，您应该使用htmlspecialchars() 。 It escapes any HTML entities so that they are not taken literally. 它会转义任何HTML实体，因此它们不会被字面上理解。 For example, < becomes < 例如， <变为< . 。 This also solves your problem. 这也解决了你的问题。

http://php.net/manual/en/function.htmlspecialchars.php http://php.net/manual/en/function.htmlspecialchars.php

In addition to Brad's answer, consider reading the first answer here for a short summary and then the therein mentioned article afterwards. 除了布拉德的答案之外，请考虑阅读第一个答案，以获得简短的摘要，然后再阅读其中提到的文章。

This can help you to easily avoid outputting unsafe strings by accident. 这可以帮助您轻松避免意外输出不安全的字符串。