如何通过php在mysql中插入特殊字符并显示在html页面上 [英] how to insert special character in mysql via php and display on html page

问题描述

如何在

Registered symbol ( ® )或 Copyright sign ( © )或 Trade Mark sign ( ™ )

我也想在html页面上显示为原始.

Also I want to display as original on the html page.

我在双面(前端和后端)都需要做的事情，请详细说明

What I have to do in both side (front end and back end), please elaborate

哪个功能更有效?

$_GET = array_map('trim', $_GET);
$_POST = array_map('trim', $_POST);

if(get_magic_quotes_gpc()){
  $_GET = array_map('stripslashes', $_GET);
  $_POST = array_map('stripslashes', $_POST);  

  $_GET = array_map('strip_tags', $_GET);
  $_POST = array_map('strip_tags', $_POST);  
 }
 else{
  $_GET = array_map('mysql_real_escape_string', $_GET);
  $_POST = array_map('mysql_real_escape_string', $_POST);   
 }

方法2:

  foreach ($_POST as $key=>$value){
        if (!get_magic_quotes_gpc()) {
          return addslashes(htmlentities(strip_tags($value),ENT_QUOTES,'UTF-8'));
          } 
          else {
             return htmlentities(strip_tags($value),ENT_QUOTES,'UTF-8');
          }
  }

我有点困惑之间有什么区别

I am a bit confused what is the difference between

htmlentities() 和

htmlentities() and htlspecialchars(), and which one i have to use?

应使用哪个功能 addslashes() 或 stripslashes() ?

which function should be used addslashes() or stripslashes() when insert into database?

推荐答案

只需将这些符号添加到您的文本中，然后将其作为SQL查询执行即可:

Just simply add those symbols to your text, and execute it as SQL query:

INSERT INTO tbl_name VALUES ("Here's my text: ©®");

当您要显示它时，网站不会对这些符号进行任何操作(但请记住至少转义<，>，&(使用

When you want to display it one the website don't do anything with these symbols (but remember to escape at least <, >, & (using htmlspecialchars()) cause those has special meaning in XML/SGML (HTML) documents)

PS.还请记住使用 mysql_real_escape_string来转义传递给SQL查询的文本. )，以避免任何SQL注入问题.如果您的服务器启用了magic_quotes_gpc，请禁用它，或者至少将GET/POST/COOKIE数据过滤为原始值.您应该始终自觉地逃避价值观.

PS. Also remember to escape text passed to SQL query using mysql_real_escape_string() to avoid any SQL Injection problems. If your server has magic_quotes_gpc enabled disable it or at least filter your GET/POST/COOKIE data to its raw value. You should always consciously escape values.

根据您的评论...我不记得默认情况下是否启用了magic_quotes_gpc，但是您可以轻松撤消魔术引号效果.在您的PHP代码的最开始处，添加如下内容:

According to your comment... I don't remember whether magic_quotes_gpc are enabled by default but you can easily undone magic quotes effect. Just on the very beginning of your PHP code add something like this:

if (get_magic_quotes_gpc()) {
  array_walk_recursive($_GET, 'stripslashes');
  array_walk_recursive($_POST, 'stripslashes');
  array_walk_recursive($_COOKIE, 'stripslashes');
}

现在，每个GPC值都应该始终是原始值-不带引号-因此您必须先手动对其进行转义，然后再将任何变量传递给查询.

Now each GPC value should be always raw - without quotes - so you have to escape it manually before passing any variable into query.

这篇关于如何通过php在mysql中插入特殊字符并显示在html页面上的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！