避免在< INPUT>中的双重编码同时使用htmlspecialchars [英] Avoiding double encoding in <INPUT> while using htmlspecialchars
问题描述
假设您有一个文字< INPUT> 代表使用者的姓名,并决定输入
Johnny's Pizza
约翰尼的披萨
但是如果用户决定编辑,我重新填充< INPUT> 的文本如下
echo form_input('name',htmlspecialchars($ name,ENT_QUOTES,'UTF-8'));
将显示为
Johnny&#039的披萨
p>
PHP.net有一个建议使用
echo form_input('name',htmlspecialchars($ name,ENT_QUOTES,'UTF -8',FALSE));
即 FALSE c $ c> $ double_encoding ,但我仍然得到
Johnny&#039的披萨
在输入字段中。
一个绕过这个双重编码的方法?在使用Codeigniter 2.0.3的同时仍然可以使用 ENT_QUOTES ?
使用 htmlspecialchars 是正确的方法,不会给出您描述的结果
假设 form_input 函数期望接收文本而不是HTML,因此,它运行 htmlspecialchars 本身。如果是,解决方案是只传递它的文本,而不是首先编码的HTML值。
Say you have a text <INPUT> for a user's name and they decide to type in
Johnny's Pizza
This is saved in DB as
Johnny's Pizza
But if the user decides to edit, I repopulate the text <INPUT> as follows
echo form_input('name', htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
which will show as
Johnny's Pizza
inside the input field.
PHP.net has a comment here suggesting to use
echo form_input('name', htmlspecialchars($name, ENT_QUOTES, 'UTF-8', FALSE));
that is, FALSE referring to $double_encoding, but I still get
Johnny's Pizza
in the input field.
Is there a way around this double encoding? Is this something that can be fixed while still using ENT_QUOTES?
Using Codeigniter 2.0.3.
Using htmlspecialchars is the correct approach, and won't give the result you describe if you output it directly into the page.
Presumably the form_input function expects to receive text and not HTML, so it runs htmlspecialchars itself. If so, the solution is to just pass it text and not encode the value for HTML first.
这篇关于避免在< INPUT>中的双重编码同时使用htmlspecialchars的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
