html编码输出&&错误的字符串错误 [英] html-encode output && incorrect string error

问题描述

我的数据包括阿拉伯字符，在mysql中看起来像垃圾，但在浏览器上运行时显示正确。我的问题：

• 如何对输出进行html编码？


• 我的所有文件：< meta http-equiv =Content-Typecontent =text / html; charset = utf-8> code>错误：第1行的'cQuotes'列不正确的字符串值：'\xE4\xEE\xC3\xD8\xEF\xE6 ...'

我正在使用php / mysql平台。

html：

 <！doctype html& 
< head> 
< meta http-equiv =Content-Typecontent =text / html; charset = utf-8> 
< title>您最喜欢的行情< / title> 
< link rel =stylesheettype =text / csshref =style.css/> 
< link rel =stylesheethref =css / validationEngine.jquery.csstype =text / cssmedia =screencharset =utf-8/> 
< script type =text / javascriptsrc =scripts / jquery-1.4.2.js>< / script> 
< script src =scripts / jquery.validationEngine-en.jstype =text / javascript>< / script> 
< script src =scripts / jquery.validationEngine.jstype =text / javascript>< / script> 
< script type =text / javascript> 
 $（document）.ready（function（）{
 $（＃submitForm）。validationEngine（）
}）
< / script> 
< / head> 
< body> 
 
< div class =container> 
< div class =center_div> 
< h2>提交您的报价< / h2> 
< fieldset> 
< form id =submitFormaction =qinsert.phpmethod =post> 
< div class =field> 
< label>作者：< / label> 
< input id =authorname =authortype =textclass =validate [required，custom [onlyLetter]，length [0,100]]> 
< / div>< br /> 
< div class =field> 
< label> Quote：< / label> 
< textarea id =quotename =quoteclass =validate [required，length [0,1000]]>< / textarea> 
< br /> 
< / div> 
< input id =button1type =submitvalue =Submitclass =submit/>< br /> 
< input id =button2type =resetvalue =Reset/> 
< / form> 
< / fieldset> 
< / div> 
< / div> 
 
 
< / body> ;, 
< / html> 
  

///////////////////// /

查询：php：

  //<？php 
 // header（'Content-Type：text / html; charset = UTF-8'）; 
 //？> 
<！doctype html> 
< head> 
< meta http-equiv =Content-Typecontent =text / html; charset = utf-8> 
< link rel =stylesheettype =text / csshref =style2.css/> 
< title>您的报价数据库< / title> 
< / head> 
< body> 
 
<？php 
 include'config.php'; 
 
 echoConnected< br />; 
 
 
 //检查引号和撇号
 
 $ author =''; 
 $ quote =''; 
 
 $ author = $ _POST ['author']; 
 $ quote = $ _POST ['quote']; 
 
 $ author = mysql_real_escape_string（trim（$ author））; 
 $ quote = mysql_real_escape_string（trim（$ quote））; 
 
 
 // ************************** 
 
 
 //验证数据
 
 $ query =SELECT * FROM Quotes where cQuotes ='$ quote'limit 1;; 
 
 $ result = mysql_query（$ query，$ conn）; 
 
 //现在检查行数是否为0 
 
 if（mysql_num_rows（$ result）> 0）{
 header（Location：/ error .html）; 
 exit; 
} 
 
 
 
 //插入数据
 // mysql_query（SET NAMES'utf8'）; 
 // mysql_query（SET CHARACTER SET utf8）; 
 $ sql =INSERT INTO Quotes（vauthor，cquotes）
 VALUES（'$ author'，'$ quote'）; 
 
 if（！mysql_query（$ sql，$ conn））
 {
 die（'Error：'。mysql_error（））; 
} 
 echo< div class ='container'>< p>< label class ='lbl_record'>记录已成功添加！< / label& 
 echo< a href ='qform.html'>提交新报价！< / a>< / p>; 
 
 // ************************** 
 
 
 //选择数据
 $ result = mysql_query（SELECT * FROM Quotes ORDER BY idQuotes DESC）; 
 
 echo< div class ='center_div'>; 
 echo< table> 
< thead> 
< tr> 
< th>作者< / th> 
& > 
< / tr> 
< / thead>; 
 
 while（$ row = mysql_fetch_array（$ result））
 {
 echo< tbody>< tr>; 
 echo< td width ='150px'> 。 $ row ['vAuthor']。 < / td>; 
 echo< td> 。 $ row ['cQuotes']。 < / td>; 
 echo< / tr>; 
} 
 echo< / tbody>< / table>; 
 echo< / div>< / div>; 
 // ************************** 
 
 include'close_config.php'; 
 
？> 
 
< / body> 
< / html> 
  
 
 
解决方案
 
 值：'\xE4\xEE\xC3\xD8\xEF\xE6 ...'
  
 
 $ b b 
这看起来像是ISO-8859-6中编码的阿拉伯字符串。如果您收到一个ISO-8859-6字节字符串并尝试将其插入到UTF-8数据库表中，您将收到此错误。
 
 
 
您的脚本不应该已经从浏览器收到ISO-8859-6，如果您的表单页面正确标记为UTF-8，因为 meta 会暗示。在浏览器中检查当窗体显示时，View-> Encoding菜单的UTF-8被选中。 < meta> 可能会被web服务器覆盖一个真实的 Content-Type：text / html; charset = ... 头。
 
 
 
如果你的PHP试图使用错误的字符集与服务器通信，这也可能发生。我看到您已注释掉了 SET NAMES  ...我会使用  mysql_set_charset   （'utf8'）; 。
  echo< td> 。 $ row ['cQuotes']。 < / td>; 
  
您需要对这里的输出进行HTML编码，但不是因为字符集问题。任何< 和& 字符需要在文本中编码，否则他们可能会注入不需要的HTML标记这种情况下你有跨站点脚本的问题。
  echo'< td>'。htmlspecialchars（$ row ['cQuotes ']）。'< / td>'; 
  
 Aside：...但是，PHP是一种模板语言。使用它，不要尝试自己做字符串模板来打击它。
 < table& 
<？php while（$ row = mysql_fetch_array（$ result））{？> 
< tr> 
< td width =150><？php h（$ row ['vAuthor']）？>< / td> 
< td><？php h（$ row ['cQuotes']）？>< / td> 
< / tr> 
<？php}？> 
< / table> 
  
（ width =150px t工作， px 仅适用于CSS。）上面假设这样的帮助函数停止你输入 htmlspecialchars 这么多：
  function h（$ s）{
 echo htmlspecialchars（$ s，ENT_QUOTES）; 
} 
  
 
my data includes arabic characters which looks like garbage in mysql but displays correctly when run on browser. my questions:



how do i html-encode the output?
if i add this to all my files: <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> i get this error: Error: Incorrect string value: '\xE4\xEE\xC3\xD8\xEF\xE6...' for column 'cQuotes' at row 1


i'm working on php/mysql platform.

insertion form in html:
<!doctype html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Your Favorite Quotes</title>
<link rel="stylesheet" type="text/css" href="style.css" /> 
<link rel="stylesheet" href="css/validationEngine.jquery.css" type="text/css" media="screen" charset="utf-8" />
<script type="text/javascript" src="scripts/jquery-1.4.2.js"></script>
<script src="scripts/jquery.validationEngine-en.js" type="text/javascript"></script> 
<script src="scripts/jquery.validationEngine.js" type="text/javascript"></script>
<script type="text/javascript">
            $(document).ready(function() { 
                $("#submitForm").validationEngine() 
            })  
</script>
</head>
<body>

<div class="container">
<div class="center_div">
<h2>Submit Your Quote</h2>
<fieldset>
<form id="submitForm" action="qinsert.php" method="post">
<div class="field">
<label>Author: </label>
<input id="author" name="author" type="text" class="validate[required,custom[onlyLetter],length[0,100]]">
</div><br />
<div class="field">
<label>Quote: </label>
<textarea id="quote" name="quote" class="validate[required, length[0,1000]]"></textarea>
<br />
</div>
<input id="button1" type="submit" value="Submit" class="submit" /><br />
<input id="button2" type="reset" value="Reset" /> 
</form>
</fieldset>
</div>
</div>


</body>
</html>
//////////////////////

query in php:
//<?php
//header('Content-Type: text/html; charset=UTF-8');
//?>
<!doctype html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="style2.css" /> 
<title>Your Quote Databank</title>
</head>
<body>

<?php
include 'config.php';

echo "Connected <br />";


//check for quotes and apostrophes

$author = '';
$quote = '';

$author = $_POST['author'];
$quote = $_POST['quote'];

$author = mysql_real_escape_string(trim($author)); 
$quote = mysql_real_escape_string(trim($quote)); 


//**************************


//validating data

$query = "SELECT * FROM Quotes where cQuotes = '$quote' limit 1;";

$result = mysql_query($query, $conn);

//now check that the number of rows is 0

if (mysql_num_rows($result) > 0 ) {
header("Location: /error.html");
exit;
}



//inserting data
//mysql_query("SET NAMES 'utf8'");
//mysql_query("SET CHARACTER SET utf8");
$sql="INSERT INTO Quotes (vauthor, cquotes)
VALUES ('$author', '$quote')";

if (!mysql_query($sql,$conn))
  {
  die('Error: ' . mysql_error());
  }
echo "<div class='container'><p><label class='lbl_record'> Record Added Successfully!</label>";
echo "<a href='qform.html'> Submit a New Quote!</a></p>";

//**************************


//selecting data
$result = mysql_query("SELECT * FROM Quotes ORDER BY idQuotes DESC");

echo "<div class='center_div'>";
echo "<table>
<thead>
<tr>
<th>Author</th>
<th>Quotes</th>
</tr>
</thead>";

while($row = mysql_fetch_array($result))
  {
  echo "<tbody><tr>";
  echo "<td width='150px'>" . $row['vAuthor'] . "</td>";
  echo "<td>" . $row['cQuotes'] . "</td>";
  echo "</tr>";
  }
echo "</tbody></table>";
echo "</div></div>";
//**************************

include 'close_config.php';

?>

</body>
</html>

解决方案
Incorrect string value: '\xE4\xEE\xC3\xD8\xEF\xE6...'
That looks like an Arabic string encoded in ISO-8859-6. You will get this error if you have received an ISO-8859-6 byte string and are attempting to insert it into a UTF-8 database table.

Your script should not have received ISO-8859-6 from the browser, if your form page is correctly marked up as UTF-8 as the meta would imply. Check in the browser that when the form is displayed, the View->Encoding menu has ‘UTF-8’ ticked. The <meta> might be overridden by the web server passing back a real Content-Type: text/html;charset=... header.

This could also possibly happen if your PHP is trying to use the wrong charset to talk to the server. I see you've commented out a SET NAMES... I'd use mysql_set_charset('utf8'); in preference.
echo "<td>" . $row['cQuotes'] . "</td>";
You need to HTML-encode the output here but not because of charset issues. Any < and & characters need encoding in the text otherwise they can inject unwanted HTML markup, including JavaScript, in which case you have cross-site-scripting problems.
echo '<td>'.htmlspecialchars($row['cQuotes']).'</td>';
Aside: ...however, PHP is a templating language. Use it, don't fight it by trying to do string templating yourself.
<table>
    <?php while ($row= mysql_fetch_array($result)) { ?>
        <tr>
            <td width="150"><?php h($row['vAuthor']) ?></td>
            <td><?php h($row['cQuotes']) ?></td>
        </tr>
    <?php } ?>
</table>
(width="150px" doesn't work, px is for CSS only.) The above assumes a helper function like this to stop you having to type htmlspecialchars so much:
function h($s) {
    echo htmlspecialchars($s, ENT_QUOTES);
}


                        
这篇关于html编码输出&amp;&amp;错误的字符串错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！