html编码输出&&错误的字符串错误 [英] html-encode output && incorrect string error
问题描述
我的数据包括阿拉伯字符,在mysql中看起来像垃圾,但在浏览器上运行时显示正确。我的问题:
- 如何对输出进行html编码?
- 我的所有文件:
< meta http-equiv =Content-Typecontent =text / html; charset = utf-8>
code>错误:第1行的'cQuotes'列不正确的字符串值:'\xE4\xEE\xC3\xD8\xEF\xE6 ...'
我正在使用php / mysql平台。
html:
<!doctype html&
< head>
< meta http-equiv =Content-Typecontent =text / html; charset = utf-8>
< title>您最喜欢的行情< / title>
< link rel =stylesheettype =text / csshref =style.css/>
< link rel =stylesheethref =css / validationEngine.jquery.csstype =text / cssmedia =screencharset =utf-8/>
< script type =text / javascriptsrc =scripts / jquery-1.4.2.js>< / script>
< script src =scripts / jquery.validationEngine-en.jstype =text / javascript>< / script>
< script src =scripts / jquery.validationEngine.jstype =text / javascript>< / script>
< script type =text / javascript>
$(document).ready(function(){
$(#submitForm)。validationEngine()
})
< / script>
< / head>
< body>
< div class =container>
< div class =center_div>
< h2>提交您的报价< / h2>
< fieldset>
< form id =submitFormaction =qinsert.phpmethod =post>
< div class =field>
< label>作者:< / label>
< input id =authorname =authortype =textclass =validate [required,custom [onlyLetter],length [0,100]]>
< / div>< br />
< div class =field>
< label> Quote:< / label>
< textarea id =quotename =quoteclass =validate [required,length [0,1000]]>< / textarea>
< br />
< / div>
< input id =button1type =submitvalue =Submitclass =submit/>< br />
< input id =button2type =resetvalue =Reset/>
< / form>
< / fieldset>
< / div>
< / div>
< / body> ;,
< / html>
///////////////////// /
查询:php:
//<?php
// header('Content-Type:text / html; charset = UTF-8');
//?>
<!doctype html>
< head>
< meta http-equiv =Content-Typecontent =text / html; charset = utf-8>
< link rel =stylesheettype =text / csshref =style2.css/>
< title>您的报价数据库< / title>
< / head>
< body>
<?php
include'config.php';
echoConnected< br />;
//检查引号和撇号
$ author ='';
$ quote ='';
$ author = $ _POST ['author'];
$ quote = $ _POST ['quote'];
$ author = mysql_real_escape_string(trim($ author));
$ quote = mysql_real_escape_string(trim($ quote));
// **************************
//验证数据
$ query =SELECT * FROM Quotes where cQuotes ='$ quote'limit 1;;
$ result = mysql_query($ query,$ conn);
//现在检查行数是否为0
if(mysql_num_rows($ result)> 0){
header(Location:/ error .html);
exit;
}
//插入数据
// mysql_query(SET NAMES'utf8');
// mysql_query(SET CHARACTER SET utf8);
$ sql =INSERT INTO Quotes(vauthor,cquotes)
VALUES('$ author','$ quote');
if(!mysql_query($ sql,$ conn))
{
die('Error:'。mysql_error());
}
echo< div class ='container'>< p>< label class ='lbl_record'>记录已成功添加!< / label&
echo< a href ='qform.html'>提交新报价!< / a>< / p>;
// **************************
//选择数据
$ result = mysql_query(SELECT * FROM Quotes ORDER BY idQuotes DESC);
echo< div class ='center_div'>;
echo< table>
< thead>
< tr>
< th>作者< / th>
& >
< / tr>
< / thead>;
while($ row = mysql_fetch_array($ result))
{
echo< tbody>< tr>;
echo< td width ='150px'> 。 $ row ['vAuthor']。 < / td>;
echo< td> 。 $ row ['cQuotes']。 < / td>;
echo< / tr>;
}
echo< / tbody>< / table>;
echo< / div>< / div>;
// **************************
include'close_config.php';
?>
< / body>
< / html>
解决方案
值:'\xE4\xEE\xC3\xD8\xEF\xE6 ...'
$ b b这看起来像是ISO-8859-6中编码的阿拉伯字符串。如果您收到一个ISO-8859-6字节字符串并尝试将其插入到UTF-8数据库表中,您将收到此错误。
您的脚本不应该已经从浏览器收到ISO-8859-6,如果您的表单页面正确标记为UTF-8,因为
meta
会暗示。在浏览器中检查当窗体显示时,View-> Encoding菜单的UTF-8被选中。< meta>
可能会被web服务器覆盖一个真实的Content-Type:text / html; charset = ...
头。
如果你的PHP试图使用错误的字符集与服务器通信,这也可能发生。我看到您已注释掉了
SET NAMES
...我会使用mysql_set_charset
('utf8');
。echo< td> 。 $ row ['cQuotes']。 < / td>;
您需要对这里的输出进行HTML编码,但不是因为字符集问题。任何
<
和&
字符需要在文本中编码,否则他们可能会注入不需要的HTML标记这种情况下你有跨站点脚本的问题。echo'< td>'。htmlspecialchars($ row ['cQuotes '])。'< / td>';
Aside:...但是,PHP是一种模板语言。使用它,不要尝试自己做字符串模板来打击它。
< table&
<?php while($ row = mysql_fetch_array($ result)){?>
< tr>
< td width =150><?php h($ row ['vAuthor'])?>< / td>
< td><?php h($ row ['cQuotes'])?>< / td>
< / tr>
<?php}?>
< / table>
(
width =150px t工作,
px
仅适用于CSS。)上面假设这样的帮助函数停止你输入htmlspecialchars
这么多:function h($ s){
echo htmlspecialchars($ s,ENT_QUOTES);
}
my data includes arabic characters which looks like garbage in mysql but displays correctly when run on browser. my questions:
- how do i html-encode the output?
- if i add this to all my files:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
i get this error:Error: Incorrect string value: '\xE4\xEE\xC3\xD8\xEF\xE6...' for column 'cQuotes' at row 1
i'm working on php/mysql platform.
insertion form in html:
<!doctype html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Your Favorite Quotes</title>
<link rel="stylesheet" type="text/css" href="style.css" />
<link rel="stylesheet" href="css/validationEngine.jquery.css" type="text/css" media="screen" charset="utf-8" />
<script type="text/javascript" src="scripts/jquery-1.4.2.js"></script>
<script src="scripts/jquery.validationEngine-en.js" type="text/javascript"></script>
<script src="scripts/jquery.validationEngine.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
$("#submitForm").validationEngine()
})
</script>
</head>
<body>
<div class="container">
<div class="center_div">
<h2>Submit Your Quote</h2>
<fieldset>
<form id="submitForm" action="qinsert.php" method="post">
<div class="field">
<label>Author: </label>
<input id="author" name="author" type="text" class="validate[required,custom[onlyLetter],length[0,100]]">
</div><br />
<div class="field">
<label>Quote: </label>
<textarea id="quote" name="quote" class="validate[required, length[0,1000]]"></textarea>
<br />
</div>
<input id="button1" type="submit" value="Submit" class="submit" /><br />
<input id="button2" type="reset" value="Reset" />
</form>
</fieldset>
</div>
</div>
</body>
</html>
//////////////////////
query in php:
//<?php
//header('Content-Type: text/html; charset=UTF-8');
//?>
<!doctype html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="style2.css" />
<title>Your Quote Databank</title>
</head>
<body>
<?php
include 'config.php';
echo "Connected <br />";
//check for quotes and apostrophes
$author = '';
$quote = '';
$author = $_POST['author'];
$quote = $_POST['quote'];
$author = mysql_real_escape_string(trim($author));
$quote = mysql_real_escape_string(trim($quote));
//**************************
//validating data
$query = "SELECT * FROM Quotes where cQuotes = '$quote' limit 1;";
$result = mysql_query($query, $conn);
//now check that the number of rows is 0
if (mysql_num_rows($result) > 0 ) {
header("Location: /error.html");
exit;
}
//inserting data
//mysql_query("SET NAMES 'utf8'");
//mysql_query("SET CHARACTER SET utf8");
$sql="INSERT INTO Quotes (vauthor, cquotes)
VALUES ('$author', '$quote')";
if (!mysql_query($sql,$conn))
{
die('Error: ' . mysql_error());
}
echo "<div class='container'><p><label class='lbl_record'> Record Added Successfully!</label>";
echo "<a href='qform.html'> Submit a New Quote!</a></p>";
//**************************
//selecting data
$result = mysql_query("SELECT * FROM Quotes ORDER BY idQuotes DESC");
echo "<div class='center_div'>";
echo "<table>
<thead>
<tr>
<th>Author</th>
<th>Quotes</th>
</tr>
</thead>";
while($row = mysql_fetch_array($result))
{
echo "<tbody><tr>";
echo "<td width='150px'>" . $row['vAuthor'] . "</td>";
echo "<td>" . $row['cQuotes'] . "</td>";
echo "</tr>";
}
echo "</tbody></table>";
echo "</div></div>";
//**************************
include 'close_config.php';
?>
</body>
</html>
Incorrect string value: '\xE4\xEE\xC3\xD8\xEF\xE6...'
That looks like an Arabic string encoded in ISO-8859-6. You will get this error if you have received an ISO-8859-6 byte string and are attempting to insert it into a UTF-8 database table.
Your script should not have received ISO-8859-6 from the browser, if your form page is correctly marked up as UTF-8 as the meta
would imply. Check in the browser that when the form is displayed, the View->Encoding menu has ‘UTF-8’ ticked. The <meta>
might be overridden by the web server passing back a real Content-Type: text/html;charset=...
header.
This could also possibly happen if your PHP is trying to use the wrong charset to talk to the server. I see you've commented out a SET NAMES
... I'd use mysql_set_charset
('utf8');
in preference.
echo "<td>" . $row['cQuotes'] . "</td>";
You need to HTML-encode the output here but not because of charset issues. Any <
and &
characters need encoding in the text otherwise they can inject unwanted HTML markup, including JavaScript, in which case you have cross-site-scripting problems.
echo '<td>'.htmlspecialchars($row['cQuotes']).'</td>';
Aside: ...however, PHP is a templating language. Use it, don't fight it by trying to do string templating yourself.
<table>
<?php while ($row= mysql_fetch_array($result)) { ?>
<tr>
<td width="150"><?php h($row['vAuthor']) ?></td>
<td><?php h($row['cQuotes']) ?></td>
</tr>
<?php } ?>
</table>
(width="150px"
doesn't work, px
is for CSS only.) The above assumes a helper function like this to stop you having to type htmlspecialchars
so much:
function h($s) {
echo htmlspecialchars($s, ENT_QUOTES);
}
这篇关于html编码输出&&错误的字符串错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!