[英]PDO filter _input not working in php form processing
我有一个input type="text"
的表单
filter_input(INPUT_POST, 'title', FILTER_SANITIZE_STRING);
我不知道这是怎么回事
<?php
$db_username = "sanoj";
$db_password = "123456";
try {
#connection
$conn = new PDO('mysql:host=localhost;dbname=localtest', $db_username, $db_password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$data = $conn->prepare('INSERT INTO test (type, title, model, modelnumber, prode, price, location, descrption, youare, name, email, phone, ipnu) VALUES (:type, :title, :model, :modelnumber, :prode, :price, :location, :descrption, :youare, :name, :email, :phone, :ipnu)');
$type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
$title = filter_input(INPUT_POST, 'title', FILTER_SANITIZE_STRING);
$ufile = filter_input(INPUT_POST, 'ufile', FILTER_SANITIZE_STRING);
$ufile1 = filter_input(INPUT_POST, 'title1', FILTER_SANITIZE_STRING);
$ufile2 = filter_input(INPUT_POST, 'title2', FILTER_SANITIZE_STRING);
$ufile3 = filter_input(INPUT_POST, 'title3', FILTER_SANITIZE_STRING);
$ufile4 = filter_input(INPUT_POST, 'title4', FILTER_SANITIZE_STRING);
$model = filter_input(INPUT_POST, 'model', FILTER_SANITIZE_STRING);
$modelnumber = filter_input(INPUT_POST, 'modelnumber', FILTER_SANITIZE_STRING);
$prode = filter_input(INPUT_POST, 'prode', FILTER_SANITIZE_STRING);
$price = filter_input(INPUT_POST, 'price', FILTER_SANITIZE_STRING);
$location = filter_input(INPUT_POST, 'location', FILTER_SANITIZE_STRING);
$descrption = filter_input(INPUT_POST, 'descrption', FILTER_SANITIZE_STRING);
$youare = filter_input(INPUT_POST, 'youare', FILTER_SANITIZE_STRING);
$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING);
$phone = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_STRING);
$ipnu = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_STRING);
$data->execute(array(':type' => $type, ':title' => $title, ':model' => $model, ':modelnumber' => $modelnumber, ':prode' => $prode, ':price' => $price, ':location' => $location, ':descrption' => $descrption, ':youare' => $youare, ':name' => $name, ':email' => $email, ':phone' => $phone, ':ipnu' => $ipnu));
#exception handiling
} catch (PDOException $e) {
echo $e->getMessage();
}
echo "$ipnu";
?>
这些代码工作正常,但现在无法正常工作
$text = preg_replace("/[^a-zA-Z0-9]+/", "", $text);
因此,您只有字母和数字。
默认情况下,&符号不会使用FILTER_SANITIZE_STRING进行编码,因此您需要在标记中添加它:
$title = filter_input(INPUT_POST, 'title', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.