PHP 不断转义我的表单输入（在我的 ' 后面添加 \）

发布于 2024-09-02 19:04:34 字数 634 浏览 8 评论 0原文

因此，基本上，当我输入带有撇号的内容（例如约翰的自行车）时，它会与约翰的自行车相呼应。代码如下：

<?php
$searchname = $_POST["name"] ;
echo "$searchname";

我的表单使用 POST 方法。有什么办法可以阻止这种情况吗？

另外，为了使输入不区分大小写，我将如何在这一部分中进行操作？

$searchsport = $_POST['sport'];
$sportarray = array(
"Football" => "Fb01",
"Cricket" => "ck32",
"Tennis" => "Tn43",
);
if(isset($sportarray[$searchsport])){
header("Location: ".$sportarray[$searchsport].".html");
die;
}
    //what code is needed to make the if statement work? I've looked up some weird ways such as using array_change_key_case (which I clearly don't understand).

原文

So basically when I type something with an apostrophe, such as John's bike it will echo John\'s bike. The code below:

<?php
$searchname = $_POST["name"] ;
echo "$searchname";

My form uses the POST method. Is there any way to stop this?

Also to make input case insensitive how would I go about in this segment?

$searchsport = $_POST['sport'];
$sportarray = array(
"Football" => "Fb01",
"Cricket" => "ck32",
"Tennis" => "Tn43",
);
if(isset($sportarray[$searchsport])){
header("Location: ".$sportarray[$searchsport].".html");
die;
}
    //what code is needed to make the if statement work? I've looked up some weird ways such as using array_change_key_case (which I clearly don't understand).

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

孤凫 2024-09-09 19:04:34

这很可能是因为您有魔术引号打开，试试这个：

if (get_magic_quotes_gpc())
{
  $searchname = stripslashes($_POST["name"]);
  echo "$searchname";
}
else
{
  $searchname = $_POST["name"];
  echo "$searchname";
}

事实上，您可以创建一个函数来自动为您执行此操作：

function fixIt($str)
{
    if (is_array($str))
    {
        foreach ($str as &$value)
        {
            $value = fixIt($value);
        }

        return $str;
    }
    else
    {
        return stripslashes($str);
    }    
}

然后您可以简单地执行以下操作：

$searchname = fixIt($_POST["name"]);
echo $searchname;

注意： 您还可以禁用 php.ini 中丑陋的魔术引号因为它们是有问题的并且正确地被弃用并且不再是 PHP 的未来版本。

This is most likely because you have magic quotes turned on, try this:

if (get_magic_quotes_gpc())
{
  $searchname = stripslashes($_POST["name"]);
  echo "$searchname";
}
else
{
  $searchname = $_POST["name"];
  echo "$searchname";
}

In fact, you could create a function instead to do it automatically for you:

function fixIt($str)
{
    if (is_array($str))
    {
        foreach ($str as &$value)
        {
            $value = fixIt($value);
        }

        return $str;
    }
    else
    {
        return stripslashes($str);
    }    
}

And then you can simply do:

$searchname = fixIt($_POST["name"]);
echo $searchname;

Note: You can also disable the ugly magic quotes from php.ini as they are problematic and rightly deprecated and out of the future versions of PHP.

回复收藏 0 原文

尤怨 2024-09-09 19:04:34

有几种方法。

关闭magic_quotes_gpc在 php.ini 中
<前><代码>magic_quotes_gpc = 0

在请求的开头，运行 stripslashes

if (get_magic_quotes_gpc() && !function_exists('FixMagicQuotesGpc')) {
    函数 FixMagicQuotesGpc($data) {
        如果（is_array（$数据））{
            foreach ($data as &$value) {
                $值 = FixMagicQuotesGpc($值);
            }
            返回$数据；
        } 别的 {
            返回条斜杠（$数据）；
        }
    }
    $_GET = FixMagicQuotesGpc($_GET);
    $_POST = FixMagicQuotesGpc($_POST);
    $_REQUEST = FixMagicQuotesGpc($_REQUEST);
}

编辑：添加 !function_exists 部分。这样，您不必担心之前是否运行过它，如果它已经运行过（通过另一个文件等），它就会跳过它

There are a few ways.

Turn off magic_quotes_gpc in php.ini
```
magic_quotes_gpc = 0
```

In the beginning of the request, run stripslashes

if (get_magic_quotes_gpc() && !function_exists('FixMagicQuotesGpc')) {
    function FixMagicQuotesGpc($data) {
        if (is_array($data)) {
            foreach ($data as &$value) {
                $value = FixMagicQuotesGpc($value);
            }
            return $data;
        } else {
            return stripslashes($data);
        }
    }
    $_GET = FixMagicQuotesGpc($_GET);
    $_POST = FixMagicQuotesGpc($_POST);
    $_REQUEST = FixMagicQuotesGpc($_REQUEST);
}

EDIT: Added the !function_exists part. This way, you don't need to worry if you ran it before, it'll just skip it if it's already been run (by another file, etc)

回复收藏 0 原文

染年凉城似染瑾 2024-09-09 19:04:34

这是由 magic_quotes_gpc< 控制的/code>配置变量。这确实很烦人（并且已弃用！）。

您应该在 php.ini 中将其关闭，或者询问您的网络托管服务商是否可以对此采取措施。

如果不能，您可以使用 addslashes 和 stripslashes 手动转义/取消转义。但请注意 - 您应该使用比 addslashes 更安全的东西来提交到数据库。 mysql_real_escape_string是更好的选择，或者特定于您的数据库的函数：

mysqli_escape_string
sqlite_escape_string
更大的列表

回复收藏 0 原文

只等公子 2024-09-09 19:04:34

我在配置文件中包含以下脚本，以在必要时修复魔术引号。这样我就不必担心主机的魔术引号设置。

<?php

set_magic_quotes_runtime(0);

function _remove_magic_quotes(&$input) {
    if(is_array($input)) {
        foreach(array_keys($input) as $key) _remove_magic_quotes($input[$key]);
    }
    else $input = stripslashes($input);
}
if(get_magic_quotes_gpc()) {
    _remove_magic_quotes($_REQUEST);
    _remove_magic_quotes($_GET);
    _remove_magic_quotes($_POST);
    _remove_magic_quotes($_COOKIE);
}

return true;

?>

I include the following script within my config file to fix magic quotes if necessary. That way I don't have to worry about the magic quotes settings of the host.

<?php

set_magic_quotes_runtime(0);

function _remove_magic_quotes(&$input) {
    if(is_array($input)) {
        foreach(array_keys($input) as $key) _remove_magic_quotes($input[$key]);
    }
    else $input = stripslashes($input);
}
if(get_magic_quotes_gpc()) {
    _remove_magic_quotes($_REQUEST);
    _remove_magic_quotes($_GET);
    _remove_magic_quotes($_POST);
    _remove_magic_quotes($_COOKIE);
}

return true;

?>

回复收藏 0 原文

残龙傲雪 2024-09-09 19:04:34

Magic Quotes...当 PHP 6 最终到来并消除这个不兼容的怪物时，我会非常高兴。

最好的解决方案是通过设置在 php.ini 中关闭它

magic_quotes_gpc = Off

如果您无权访问 php.ini 但正在使用 Apache，您还可以在 .htaccess 文件中禁用它

php_flag magic_quotes_gpc Off

：沟渠方案是在您的应用程序中禁用它。 PHP 手册的禁用 Magic Quotes 页面建议使用此方法：

<?php
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}
?>

Magic Quotes... I'll be so happy when PHP 6 finally arrives and removes this monster of incompatibility.

The best solution is to turn it off in php.ini by setting

magic_quotes_gpc = Off

If you don't have access to php.ini but are using Apache, you can also disable it in an .htaccess file:

php_flag magic_quotes_gpc Off

The last ditch scenario is to disable it in your application. the PHP Manual's Disabling Magic Quotes page suggests using this:

<?php
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}
?>

回复收藏 0 原文

~没有更多了~