How to set ENT_QUOTES flag by default for htmlentities() function in php
I am using htmlentities($data, ENT_QUOTES) on any data fetched from database before displaying it.

Is there a way I can set the flag ENT_QUOTES by default for htmlentities() function, so that even if I write htmlentities($data) it should work as htmlentities($data, ENT_QUOTES).
As written in the documentation of php the default is ENT_COMPAT | ENT_HTML401.
For your information, I am using the CodeIgniter framework, PHP 5.

UPDATE 1: wrapping with a custom function as suggested by Michael could help but I have already used this everywhere in the website without ENT_QUOTES flag and was wondering if there is a way provided by php to change defaults for its functions.

UPDATE 2: I think the html_escape() inbuilt function provided by CodeIgniter (suggested by Wesley) is the best for me so that I don't have to write my own wrapper function.

There's no way to change the default flags that I know of, but the advice given to you in the comments is absolutely the best way to approach this anyways: use a wrapper function.

Conveniently, CodeIgniter has one built in already, appropriately named:

    echo html_escape($string);

You can pass in arrays as well, here's what it does:

    /**
     * Returns HTML escaped variable
     *
     * @access public
     * @param mixed
     * @return mixed
     */
    if ( ! function_exists('html_escape'))
    {
        function html_escape($var)
        {
            if (is_array($var))
            {
                return array_map('html_escape', $var);
            }
            else
            {
                return htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
            }
        }
    }

Just do a search for htmlentities in your project and replace (carefully) with html_escape. This will also provide the opportunity for you to easily make changes in the future because you can alter the function. It's a little bit of an initial time investment but well worth it.

If you are accessing the variable directly, for example: $this->model_name->variable; then you can use the __get function in the model and process it before it is accessed from the object. http://www.php.net/manual/en/language.oop5.overloading.php#object.get
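
The wrapper and __get approaches from the answers above, combined in one added example that is not part of the original posts or of CodeIgniter: esc() and EscapedModel are hypothetical names and the row is constructed sample data. The flags are passed explicitly because the built-in default was ENT_COMPAT until PHP 8.1, which changed it to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.

```php
<?php
// Added example: esc() and EscapedModel are hypothetical names; sample data is constructed.

/** Escape a string, or every string in a (nested) array, for HTML output. */
function esc($value, $charset = 'UTF-8')
{
    if (is_array($value)) {
        return array_map(function ($v) use ($charset) {
            return esc($v, $charset);
        }, $value);
    }
    return htmlspecialchars((string) $value, ENT_QUOTES, $charset);
}

/** Model whose properties are escaped on read through __get. */
class EscapedModel
{
    private $raw = array();

    public function __construct(array $row)
    {
        $this->raw = $row;
    }

    // Called for inaccessible properties such as $model->name.
    public function __get($key)
    {
        return array_key_exists($key, $this->raw) ? esc($this->raw[$key]) : null;
    }

    // Unescaped value, for non-HTML uses (comparisons, storage).
    public function raw($key)
    {
        return array_key_exists($key, $this->raw) ? $this->raw[$key] : null;
    }
}

// Constructed sample row, as if fetched from the database.
$row = array('name' => "Tom' title='injected", 'tags' => array('<b>', '"q"'));
$model = new EscapedModel($row);

// ENT_COMPAT leaves the single quote alone, so the value ends the attribute early.
echo "<input value='" . htmlentities($row['name'], ENT_COMPAT, 'UTF-8') . "'>\n";
// ENT_QUOTES also encodes the single quote, so the value stays inside the attribute.
echo "<input value='" . $model->name . "'>\n";
echo implode(' ', $model->tags), "\n";
```

Values read through __get are already escaped, so passing them to html_escape() or esc() again double-encodes the entities; escape once, at the point of output.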