如何在 mysqli_real_escape_string 和 \nl 之间交替?
我一直在阅读 mysqli_real_escape_string() ,并且在正确转义我的内容后,当我再次将其拉出时,无法正确显示。
这是我的代码:
function update_section_content() {
$name = mysqli_real_escape_string($this->conn, $_POST['name']);
$text = mysqli_real_escape_string($this->conn, $_POST['content']);
// First, we do an update
$update_query = "UPDATE sections SET content = ? WHERE name = ?";
if($update_stmt = $this->conn->prepare($update_query)) {
$update_stmt->bind_param('ss', $text, $name);
$update_stmt->execute();
// If the update was successful, read in what we just updated
if($update_stmt->affected_rows == 1) {
$read_query = "SELECT content FROM sections WHERE name = ?";
if($read_stmt = $this->conn->prepare($read_query)) {
$read_stmt->bind_param('s', $name);
$read_stmt->execute();
$read_stmt->bind_result($content);
if($read_stmt->fetch()) {
echo nl2br($content);
}
}
}
$read_stmt->close();
$update_stmt->close();
}
我对以下代码的希望是它能够更新记录并转义任何坏字符,然后在成功后读回更新的查询,同时保持其先前的视觉完整性。 (也就是说,我希望文本区域中的内容能够回显以显示换行符而不是 br 标签。)
不幸的是,到目前为止,我仍然在转义后显示换行符。 我缺少什么?
非常感谢您的宝贵时间,非常感谢您提供的任何建议。
不幸的是,事实并非如此。 我仍然收到换行符
I've been doing some reading on mysqli_real_escape_string(), and, after getting my content properly escaped, I'm having some trouble getting to display properly when I pull it out again.
Here's the code I have:
function update_section_content() {
$name = mysqli_real_escape_string($this->conn, $_POST['name']);
$text = mysqli_real_escape_string($this->conn, $_POST['content']);
// First, we do an update
$update_query = "UPDATE sections SET content = ? WHERE name = ?";
if($update_stmt = $this->conn->prepare($update_query)) {
$update_stmt->bind_param('ss', $text, $name);
$update_stmt->execute();
// If the update was successful, read in what we just updated
if($update_stmt->affected_rows == 1) {
$read_query = "SELECT content FROM sections WHERE name = ?";
if($read_stmt = $this->conn->prepare($read_query)) {
$read_stmt->bind_param('s', $name);
$read_stmt->execute();
$read_stmt->bind_result($content);
if($read_stmt->fetch()) {
echo nl2br($content);
}
}
}
$read_stmt->close();
$update_stmt->close();
}
My hope for the following code was that it would update a record and escape any bad characters, and then, upon success, read the updated query back while maintaining its previous visual integrity. (That is, I'd like for the textarea this content gets echoed into to display newlines and not br tags.)
Unfortunately, as of now, I'm still getting newline characters shown after escaping. What am I missing?
Much thanks for your time, and any advice provided is greatly appreciated.
Unfortunately, that's not the case. I still get newline characters
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
由于您使用的是准备好的语句,因此您不应该转义字符串。
字符串转义适用于将值嵌入到 SQL 查询字符串本身中,但通过使用准备好的语句,您可以完全正确地避免这样做。
Since you're using prepared statements, you shouldn't also escape your strings.
String escaping is for when you're embedding the values into the SQL query string itself, but by using prepared statements, you're quite rightly avoiding doing that.