i know there must be thousands of threads like this, but the internet and stack overflow is flooded with results from other programming languages and simply replacing the characters with a whitespace and so on...
so... my problem is as follows...
i have a form with: <input type='text' id='my_input'>
then i parse all my fields in javascript (with jquery) to create my ajax call, like this
var my_value = $('#my_input').val();
then i do a replace to get the line breaks my_value = my_value.replace('\\n', '<br>');
after that i post my variables with ajax like this:
data_to_post = 'my_field1=' + my_value1 + 'my_field2' + my_value2;
$.ajax({
type: 'POST',
url: '/write_to_db.php',
data: data_to_post
});
now many people on my site talk about programming and that content started screwing up my site, because their post content gets parsed as php or as html formatting - i'm planning to replace all the problematic characters that could screw up the code of my site.
the most problematic expressions are html tags and &= because it interferes with the way i put my post variable together.
now, because those characters are necessary for the content, i can't simply replace them all with with a single character.
is there any way i could escape them (at best in a one line command)?
thanks!
UPDATE: my temporary solution is this:
this_string = this_string.replace(/</g, '<');
this_string = this_string.replace(/>/g, '>');
this_string = this_string.replace(/\n/g, '<br>');
this_string = escape(this_string);
I would use $.serializeJSON() on the form element itself to gather up all the values for the entire form. Then I would send that to the server-side script via an AJAX call. A task like parsing a complex comment or text field that allows for code as well as plain text is better left to a server-side language.
try the javascript function escape(): http://www.w3schools.com/jsref/jsref_escape.asp
data_to_post = 'my_field1=' + escape(my_value1) + 'my_field2' + escape(my_value2);
Edit:
to deal with the HTML characters the people are not allowed to post, you could php this:
$outputstring = "hi<br />bye!";
echo htmlspecialchars($outputstring);
info on how this works: http://php.net/manual/en/function.htmlspecialchars.php
How about:
my_value = my_value.replace(/\n|\.|\~/g, '<br>');
Put your characters to replace around the | (OR) separator and have the /g flag at the end
Although your intent is not entirely clear to me, you could preserve the programmers' content and still display the carriage return/linefeed by wrapping the expression in a tag.
Another possibility is to use CSS to style the appearance. Take a look at the answer to this post: How can I replace certain carriage return line feed followed by a dash with a <br/>?
It sounds like you are simply wanting to encode the HTML characters to preserve the HTML characters, so if this is the case the following will encode the text correctly:
var textVal = $('#my_input').val();
var encoded = $('<div/>').text(textVal).html();
This creates an in-memory div to help with encoding. To decode you can simply change the div call to:
var unencoded = $('<div/>').html(textVal).text()
您是否考虑过在以下示例中为您处理PHP?
nl2br(htmlspecialchars($str,ENT_QUOTES,'UTF-8'));
$.ajax({
type: 'POST',
url: '/write_to_db.php',
data: {
'my_field1': my_value1,
'my_field2': my_value2
}
});
Pass an object in the data instead of a string, jquery do that for you.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.