nl2br 不适用于 ical 摘要换行符“\n”
我正在收集 PHP 中的一个事件的摘要。问题是,摘要包含换行符 \n,我想在插入事件时将其替换为
在我的 PHPMyAdmin 中,转义 ical 摘要后,我看到字符 \n,但如果不转义 ical 摘要,我就看不到字符 \n。然而,无需逃避,我就可以看到真正的换行符。我需要逃避 ical 摘要以确保我的数据库安全。使用 nl2br 函数在这两种情况下都不起作用?为什么?
代码:
//without escaping
$title = $vevent->getProperty('summary');//Object method which retrieves the summary of an event
$title = nl2br($title);
//with escaping
$title = mysql_real_escape_string($vevent->getProperty('summary'));
$title = nl2br($title);
I'm collecting a summary of an ical event in PHP. The thing is, that the summary contains line breaks \nand I want to replace them with <br> when inserting the events.
In my PHPMyAdmin after escaping the ical summary I see the characters \n, but without escaping the ical summary I can't see the characters \n. However, without escaping I can see actual real line-breaks. I need to escape the ical summary to make my database safe. Using the nl2br function is not working in both cases? Why?
CODE:
//without escaping
$title = $vevent->getProperty('summary');//Object method which retrieves the summary of an event
$title = nl2br($title);
//with escaping
$title = mysql_real_escape_string($vevent->getProperty('summary'));
$title = nl2br($title);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
嗯,朋友,阅读手册页面怎么样? http://php.net/manual/en/function.mysql -real-escape-string.php 说
您的换行符已经被 SQL 转义。所以你之前需要nl2br。
我向大家发出的通常的咆哮是:为什么你在 2011 年使用 mysql 扩展?它在五年前就已经过时了。使用 mysqli 或 PDO 和准备好的语句,那么你不需要担心转义。
Hrm, what about reading the handbook page, my friend? http://php.net/manual/en/function.mysql-real-escape-string.php says
Your line breaks are already SQL escaped. so you need to nl2br before.
And the usual rant I give to everyone: why are you using the mysql extension in 2011? It went out of fashion half a decade ago. Use mysqli or PDO and prepared statements, then you dont need to worry about escaping.
您可以以相反的方式执行此操作:
但是您不需要在插入数据库之前调用 nl2br。输出数据到浏览器时最好做nl2br。这样,您可以将实际数据存储在数据库中(稍后可以在其他上下文中使用),并在输出之前使用 HTML 对其进行格式化。
You can do it the other way around:
But you shouldn't need to call nl2br before inserting into the database. It's better to do nl2br when you output the data to the browser. That way you store the actual data in the database (which later can be used in other context) and format it with HTML before outputting.