如何只允许 HTML 进入我的数据库?
我试图允许用户仅在表单中输入 HTML,然后在提交时将其存储到数据库中。我一直在尝试使用 mysql_real_escape_string ,但是我用 HTML 标签放入表单中的 PHP 似乎没有被删除。如何“过滤”存储到数据库中的内容?
编辑:
我想保持 HTML 原样。因此,假设用户输入
<input type="text"/>
并点击提交;我希望能够毫无问题地将其输入数据库,然后稍后能够显示在他们的帖子上。
我想摆脱 PHP 标签之类的东西:
<input type="text"/>
<?php echo "Hello World!"; ?> <-- I do not want to store this.
如果它仍然没有任何意义,我会尽力更好地解释它。
I'm trying to allow the user to input only HTML into a form, and on submit, store it into the database. I've been trying to use mysql_real_escape_string, but the PHP I put into the form with the HTML tags seems to not be stripped. How can I "filter" what is stored into the database?
EDIT:
I want to keep the HTML as-is. So, say a user inputs
<input type="text"/>
and hits submit; I want that to be entered into the database without any problems, and then later on down the road, be able to show up on their post.
I want to get rid of things such as PHP tags:
<input type="text"/>
<?php echo "Hello World!"; ?> <-- I do not want to store this.
If it's still not making any sense I will try my best to explain it a little better.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要解析 HTML 并删除不需要的标签。这是一个相对简单的解析器,例如 PHP XML 解析器。
You'll need to parse the HTML and strip out unwanted tags. This is a relatively trivial with a decent parser, such as the PHP XML Parser.