带有撇号的mysql文本值没有正确显示 [英] mysql text value with apostrophe not showing up correctly
问题描述
$ groupname = addslashes($ _ POST ['groupname'];
$ b将以下TEXT值插入到MySQL中$ b
从Mysql获取值时,我使用
$ name = $ row ['groupname'];
echo $ name;
这个展示正确地显示为戴维斯先生集团
但是当这个值添加到一个表格中的时候,我将这个值传递给了一个表达式
p
到另一个页面,并检索它作为
$ name = $ _POST ['groupname'];
echo $ name;
它显示为Davis先生,保留了所有的一切。
??不知道为什么,我尝试添加stripslashes( $ _POST ['groupname'];同样的事情发生
< input name ='groupname'type ='hidden'value ='$ groupname'/>
< input name ='gro upname'type ='hidden'value ='戴维斯先生集团'/>
^ ----
在指定位置,浏览器的解析器将会看到'结尾的 value = ,后面跟着一些未知的属性 s 和一个坏的属性组'。
要在表单中嵌入这种类型的文本,您需要使用 htmlspecialchars()< / code>,> , ',)转换为它们的字符实体等价物,因此它们可以安全地嵌入到表单中。
addslashes()是一种安全地向数据库中添加内容的弃用方法,它不会让某些内容安全地嵌入到HTML中。
I'm inserting the following TEXT value into MySQL using..
$groupname = addslashes($_POST['groupname'];
When getting the value from Mysql I'm using
$name = $row['groupname'];
echo $name;
And this show correctly as "Mr. Davis's Group"
but when this value in added to a form as
then I pass the value to another page, and retrieve it as
$name = $_POST['groupname']; echo $name;
it show up as "Mr. Davis" keeping everything before the apostrophy.
??No clue why, i've tried adding stripslashes($_POST['groupname']; and same thing happens
<input name='groupname' type='hidden' value='$groupname' />
Will generate:
<input name='groupname' type='hidden' value='Mr Davis's Group' />
^----
At the indicated spot, the browser's parser will see the 'end' of the value=, followed by some unknown attribute s and a broken attribute Group '.
To embed this type of text in a form, you need to use htmlspecialchars(), which will convert any HTML metacharacters (<, >, ', ") into their character entity equivalents, so they can be safely embedded in a form.
addslashes() is a deprecated method of "safely" adding something into a database. It will not make something safe to embed in HTML.
这篇关于带有撇号的mysql文本值没有正确显示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
