Laravel e函数(htmlentities)无法完全正常运行，脚本仍然可以执行(仅一次) [英] Laravel e function (htmlentities) is not fully working, scripts can still be executed (only once)

查看：267 发布时间：2020/4/23 9:48:38 php laravel laravel-4 html-entities htmlspecialchars

本文介绍了Laravel e函数(htmlentities)无法完全正常运行，脚本仍然可以执行(仅一次)的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试在Laravel中使用e函数，该函数等效于htmlentities PHP函数.

I am trying to use the e function in Laravel which is equivalent to the htmlentities PHP function.

在我的表单"视图和Controller中，我试图保存一个使用如下e函数的文档:

In my Form view and Controller I am trying to save a document that uses the e function which looks like this:

表单视图:

{{ Form::text('client_name') }}

控制器:

$client = new Client;
$client->client_name = e(Input::get('client_name'));
$client->save();

说我在客户端名称字段中写了<script type="text/javascript">alert('gotcha!');</script>.然后，我将其保存到数据库，但是当保存到db后重定向时，它将运行一次此脚本！同样只是为了确保e函数正常工作，我查看了我的数据库，并按预期进行了操作:

Say I wrote <script type="text/javascript">alert('gotcha!');</script> into the client_name field. I then save it to database but when it redirects after it saves to db, it runs this script once! Also just to make sure that the e function was working correctly I looked into my db and it is as expected:

"<script type="text/javascript">alert('gotcha!');</script>"

我的问题是如何避免执行JavaScript alert('gotcha') ??

My question is how can I avoid executing that javascript alert('gotcha')??

还是将这个e函数或htmlentities函数放在错误的位置?'

Or am I putting this e function or the htmlentities function in the wrong place?'

谢谢！

推荐答案

您在错误的位置运行了e().转义最好保存为数据输出而不是输入.

You are running the e() at the wrong place. Escaping is best saved for output of data - not the input.

您的控制器应执行以下操作:

Your controller should do this:

$client = new Client;
$client->client_name = Input::get('client_name');
$client->save();

您可以在表单"视图中进行以下操作-因为表单"会自动转义"数据

Your Form view is ok with the following - because Form "escapes" the data automatically

{{ Form::text('client_name') }}

但是在创建客户端并进行重定向之后-我敢打赌，您正在执行此操作

But after you create the client and do the redirect - I bet somewhere you are doing this

{{ $client->client_name }}

您应该将其更改为此

{{{ $client->client_name }}}

请注意第三个{}-它会自动为您转义数据

Note the third { } - which will automatically escape the data for you

这篇关于Laravel e函数(htmlentities)无法完全正常运行，脚本仍然可以执行(仅一次)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

Laravel e函数(htmlentities)无法完全正常运行，脚本仍然可以执行(仅一次) [英] Laravel e function (htmlentities) is not fully working, scripts can still be executed (only once)

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录关闭

Laravel e函数(htmlentities)无法完全正常运行，脚本仍然可以执行(仅一次) [英] Laravel e function (htmlentities) is not fully working, scripts can still be executed (only once)

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录 关闭

登录关闭