MySQL 斜杠和 nl2br
我正在尝试将从文本区域发布的 HTML 存储到数据库中。我在一个表单中有一个文本区域,我称之为“消息”。处理它的 PHP 代码是:
if(isset($_POST['submit'])){
if(isset($_POST['title']) && isset($_POST['message'])){
$title = $_POST['title'];
$message = $_POST['message'];
if(get_magic_quotes_gpc()){
$title = stripslashes($title);
$message = stripslashes($message);
}
$title = mysql_real_escape_string($title);
$message = mysql_real_escape_string($message);
$q = "INSERT INTO table (title,datetime,text) VALUES ('{$title}',NOW(),'{$message}')";
$rows_affected = $db->exec($q);
if($rows_affected > 0){
echo "<p>Done.</p>";
} else {
echo "<p>Failed. </p>";
}
}
}
我遇到的问题是检索它并将换行符转换为
$res = array();
$order = array("\r\n","\n","\r");
$replace = '<br />';
$q = "SELECT title,datetime,text FROM table";
$res = $db->get_all($q);
if($res){
foreach($res as $result){
$result['title'] = stripslashes($result['title']);
$result['text'] = str_replace($order, $replace, stripslashes($result['text']));
}
}
echo "<pre>";
print_r($res);
echo "</pre>";
我无法摆脱消息中那些讨厌的 \r\n 。我尝试将 $order 更改为,
$order = array("\\r\\n","\\n","\\r");
// and even
$order = array("\\\r\\\n","\\\n","\\\r");
但似乎没有任何效果。有什么想法吗?
I am trying to store HTML posted from a textarea into a database. I have a textarea inside a form which I have called "message". The PHP code that processes it is:
if(isset($_POST['submit'])){
if(isset($_POST['title']) && isset($_POST['message'])){
$title = $_POST['title'];
$message = $_POST['message'];
if(get_magic_quotes_gpc()){
$title = stripslashes($title);
$message = stripslashes($message);
}
$title = mysql_real_escape_string($title);
$message = mysql_real_escape_string($message);
$q = "INSERT INTO table (title,datetime,text) VALUES ('{$title}',NOW(),'{$message}')";
$rows_affected = $db->exec($q);
if($rows_affected > 0){
echo "<p>Done.</p>";
} else {
echo "<p>Failed. </p>";
}
}
}
The problem I am having is then retrieving this and converting newlines to <br />. Here is what I am doing:
$res = array();
$order = array("\r\n","\n","\r");
$replace = '<br />';
$q = "SELECT title,datetime,text FROM table";
$res = $db->get_all($q);
if($res){
foreach($res as $result){
$result['title'] = stripslashes($result['title']);
$result['text'] = str_replace($order, $replace, stripslashes($result['text']));
}
}
echo "<pre>";
print_r($res);
echo "</pre>";
I just can't get rid of those pesky \r\n's in the message. I have tried changing $order to
$order = array("\\r\\n","\\n","\\r");
// and even
$order = array("\\\r\\\n","\\\n","\\\r");
but nothing seems to work. Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我做了三件事:
stripslashes。他们不应该在那儿。执行查询时,mysql_real_escape_string添加的斜杠将被删除。nl2br。如果已经内置了,为什么还要自己写一些东西呢?foreach循环中的$result前面添加了&。如果我不这样做,则只会修改浅副本,而不是变量本身。因此根本不会有任何改变。I did three things:
stripslashes. They mustn't be there. The slashesmysql_real_escape_stringadds are removed when the query is executed.nl2brfor the new lines. Why write something yourself if it's already built in?&in front of$resultin theforeachloop. If I didn't do this only the shallow copies were modified, not the variables themselves. Thus there wouldn't be any change at all.为了检索数据,您不需要使用 str_replace/stripslashes。
使用 nl2br 将 \n 转换为正确的 HTML 换行符。 (注意:如果您想再次显示文本区域内的文本,例如进行编辑,则需要按原样输出“文本”)。您唯一想要做的就是使用
strip_tags来防止 HTML 被插入到您的输出中。For the retrieving of the data you don't need to screw around with str_replace/stripslashes.
Use nl2br to convert your \n to proper HTML line breaks. (Note: If you want to show the text inside of a textarea again, e.g. for editing, you need to output the "text" as-is). The only thing that you would want to do is use
strip_tagsto prevent HTML from being inserted into your output.nikic 更常见的方式是
覆盖临时 $result 变量,而您必须将修改后的变量写回到数组中。
并给我们的变量命名。
另外,如果是用户提供的文本,请考虑使用 htmlspecialchars()。
more usual way of what nikic did
you did overwrite your temporary $result variable, while you have to write modified variable back into array.
and give our variables sensible names.
Also, consider to use htmlspecialchars() if it's user supplied text.