'input type =" text"'中使用双引号值不会工作,字符串停在双引号! [英] Use of double quotes in a 'input type="text"' value wont work, string stops at double-quote !
问题描述
我怎样才能让用户在文本框内使用'''(双引号)......
每当我使用双引号字段(值),然后当在我的PHP文件中接收到变量时:
$ text = mysql_real_escape_string($ _ POST ['主题']);
然后回显它,我得到一个正确转义的字符串,但字符串停在双引号之前!
我不希望它因为双引号停止!
Javascript用于验证文本字段,所以它不是空的,也许我应该在验证时使用javascript做更多的事情,并更改值,这样php可以得到正确的值,包括双引号?
谢谢
更新
CODE :
$ headline = mysql_real_escape_string($ _ POST ['headline']);
echo htmlentities($ headline);
我已经尝试合并上述两个,只会给出相同的结果。
注意:我还尝试将 ENT_QUOTES
添加到htmlentities函数中......
未格式化的字符串为输入:
+,。 ; : - _ space& %! ? =#*½@ / \ [] < > 'hej hej
会在回显时输出:
+,。;: - _ space&%!?=#* \\ / \\ []<>
解决方案/ code>或htmlentities($ str,ENT_QUOTES)
将引号转换为HTML实体& quot; $ c $这些函数也会照顾其他应该被编码的字符。
mysql_real_escape_string()
用于在数据库查询中转义单引号,以便您可以正确输入带有单引号的字符串到数据库中(并避免SQL注入)。 编辑:添加参数。 micahwittmanHow can I make it possible for users to use the '"' (double quote) inside a textfield...
Whenever I do use double-quote in the field (the value) then when receiving the variable in my PHP file with:
$text=mysql_real_escape_string($_POST['subject']);
and then echo it, I get a string which is escaped properly, but the string stops exactly before the double-quote!
I dont want it to stop because of the double-quote though!
Javascript is used to validate the text-field so its not empty, maybe I should do something more with javascript when validating, and altering the value, so php can get the correct value including the double quotes?
Thanks
UPDATE
CODE:
$headline= mysql_real_escape_string($_POST['headline']); echo htmlentities($headline);
I have tried merging the two above, will only give the same results. NOTE: I have ALSO TRIED adding
ENT_QUOTES
into the htmlentities function...Unformatted string as entered:
+ , . ; : - _ space & % ! ? = # * ½ @ / \ [ ]< > " ' hej hej
will output this when echoing it:
+ , . ; : - _ space & % ! ? = # * ½ @ / \\ [ ]< >
解决方案You have to use
htmlspecialchars($str, ENT_QUOTES)
orhtmlentities($str, ENT_QUOTES)
to convert the quotes to the HTML entity"
. Those function also take care of other characters that should be encoded.
mysql_real_escape_string()
is only meant for escaping single quotes in database queries, so that you can correctly enter strings with single quotes into your database (and avoid SQL injections).EDIT: Added parameters. Thanks to micahwittman
这篇关于'input type =" text"'中使用双引号值不会工作,字符串停在双引号!的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文