'input type =" text"'中使用双引号值不会工作，字符串停在双引号！ [英] Use of double quotes in a 'input type="text"' value wont work, string stops at double-quote !

问题描述

我怎样才能让用户在文本框内使用'''（双引号）......

每当我使用双引号字段（值），然后当在我的PHP文件中接收到变量时：

  $ text = mysql_real_escape_string（$ _ POST ['主题']）; 
  

然后回显它，我得到一个正确转义的字符串，但字符串停在双引号之前！

我不希望它因为双引号停止！

Javascript用于验证文本字段，所以它不是空的，也许我应该在验证时使用javascript做更多的事情，并更改值，这样php可以得到正确的值，包括双引号？

谢谢

更新

CODE ：

  $ headline = mysql_real_escape_string（$ _ POST ['headline']）; 
 echo htmlentities（$ headline）; 
  

我已经尝试合并上述两个，只会给出相同的结果。
注意：我还尝试将 ENT_QUOTES 添加到htmlentities函数中......

未格式化的字符串为输入：

  +，。 ; ： -  _ space& ％！ ？ =＃*½@ / \ [] < > 'hej hej 
  

会在回显时输出：

  +，。;： -  _ space&％！？=＃* \\ / \\ []<> 
  
解决方案/ code>或 htmlentities（$ str，ENT_QUOTES）将引号转换为HTML实体& quot;  
 
 
  mysql_real_escape_string（）用于在数据库查询中转义单引号，以便您可以正确输入带有单引号的字符串到数据库中（并避免SQL注入）。 编辑：添加参数。 micahwittman 
 
How can I make it possible for users to use the '"' (double quote) inside a textfield...

Whenever I do use double-quote in the field (the value) then when receiving the variable in my PHP file with:
   $text=mysql_real_escape_string($_POST['subject']);
and then echo it, I get a string which is escaped properly, but the string stops exactly before the double-quote!

I dont want it to stop because of the double-quote though!

Javascript is used to validate the text-field so its not empty, maybe I should do something more with javascript when validating, and altering the value, so php can get the correct value including the double quotes?

Thanks

UPDATE

CODE:
   $headline= mysql_real_escape_string($_POST['headline']);
   echo htmlentities($headline);
I have tried merging the two above, will only give the same results.
NOTE: I have ALSO TRIED adding ENT_QUOTES into the htmlentities function...

Unformatted string as entered:
   + , . ; : - _ space & % ! ? = # * ½ @ / \ [ ]< > " ' hej hej
will output this when echoing it:
   + , . ; : - _ space & % ! ? = # * ½ @ / \\ [ ]< > 

解决方案
You have to use htmlspecialchars($str, ENT_QUOTES) or htmlentities($str, ENT_QUOTES) to convert the quotes to the HTML entity &quot;. Those function also take care of other characters that should be encoded.

mysql_real_escape_string() is only meant for escaping single quotes in database queries, so that you can correctly enter strings with single quotes into your database (and avoid SQL injections).

EDIT: Added parameters. Thanks to micahwittman

                        
这篇关于'input type =&quot; text&quot;'中使用双引号值不会工作，字符串停在双引号！的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！