strip_tags不起作用 [英] strip_tags not working
本文介绍了strip_tags不起作用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正试图像这样过滤掉html字符
I am truing to filter html characters out like this
$user = $_POST["user"]; //Get username from <form>
mysql_real_escape_string($user); //Against SQL injection
strip_tags($user); //Filter html characters out
但是由于某种原因,这不能将html字符过滤掉.我不知道为什么,mysql_real_escape_string
可以吗?
But for some reason this is not filtering html characters out. I don't know why, could it by mysql_real_escape_string
?
推荐答案
...但是,你的意思是:
...But, do you mean:
$user = $_POST["user"]; // Get username from <form>
$user = mysql_real_escape_string($user); // Against SQL injection
$user = strip_tags($user); // Filter html characters out
?
如其他答案中所述(指的是strip_tags()
,但与mysql_real_escape_string()
相同),这些函数不会直接更改字符串,而是返回修改后的 copy .因此,您必须将返回值分配给相同(或另一个)变量!
As said in the other answers (referring to strip_tags()
, but it's the same for mysql_real_escape_string()
), these functions do not alter strings directly, but return the modified copy. So you have to assign return values to the same (or another) variable!
这篇关于strip_tags不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文