I've created a form that stores free text fields into a MySQL database.
All works fine and the data is displayed back as intended when viewed. Except for one niggle.
In an attempt to prevent malicious attacks I have used mysql_real_escape_string to remove any unwanted code from the input.
However, I need to be able to preserve hyperlinks and basic html.
For example, I want to store the following:
<p align="left">Please follow this <a href="link.html">link</a></p>
But the link is being stored as \\"link.html\\" as the quotes are being escaped.
How can I preserve this link and other html?
Many thank
TT
This looks like you quote string twice. Did you turn off magic_quotes_gpc
in your php.ini?
那不是mysql_real_escape_string()-我怀疑这实际上是魔术引号
您可以使用PHP函数stripslashes从引号中删除转义的斜杠:
echo stripslashes($textos);
使用PHP5,最好的方法是使用带有PDO扩展名的准备好的语句-这可以为您处理所有事情。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.