当前位置: 文江博客话题详情

Symfony:从数据库中转义单引号字符串?

发布于 2024-11-28 18:06:56 字数 1853 浏览 1 评论 0原文

我需要使用 Symfony 的 link_to() 方法生成带有 Javascript 确认对话框的链接。确认对话框文本从数据库条目中获取部分内容:

<?php echo link_to( "click here", 'category/delete?id='.$id, array( 'confirm' => 'Are you sure you want to delete the category: '.$category->getName().'?' ) ) ?>

但是如果数据库条目中有单引号,则确认对话框不起作用,因为生成的 JS 被单引号包围。因此,如果我有一个名为“John's Articles”的类别,则生成的 JS 会这样开始:

<a onclick="if (confirm('Are you sure you want to delete the category: John's Articles?')) { var f = document.createElement('form'); f.styl.... etc... "

所以,其中的单引号搞砸了确认等...

无论如何,我想我只需运行 $category->; getName()addslashes() 但它没有添加任何斜杠...我还尝试提前将类别名称保存为单独的变量,并向其添加斜杠。但它没有添加任何东西。然后我开始研究 Symfony 的 转义方法 并找到了类似 esc_entities( ) 但它们导致文本看起来像 John&amp;#039;s Articles

我该怎么办?我想要做的就是在该字符串中的单引号之前添加一个斜杠。我从未尝试过 str_replace("'","\'",$category->getName()) 但那甚至没有做任何事情。我可以在模板中创建自己的基本字符串,例如 Alex's Testaddslashes() 就可以了。这只是数据库中的这个值,我无法添加任何斜杠。

当我查看数据库中的值时,它看起来就像John's Articles。没有特殊字符或编码字符。

我在这里缺少什么?

更新

我尝试了以下代码,结果如下:

echo $category->getName()."<br/>";

echo addslashes($category->getName())."<br/>";

$tmp = $category->getName();
echo addslashes($tmp)."<br/>";

$tmp = addslashes($category->getName());
echo $tmp."<br/>";

$tmp = "Testing's the Testing";
echo addslashes($tmp)."<br/>";

$tmp = str_replace("'","\\'",$category->getName());
echo $tmp;

结果:

John's Articles
John's Articles
John's Articles
John's Articles
Testing\'s the Testing
John's Articles

数据库中的值根本不会添加斜杠...

原文

I need to generate a link with a Javascript confirmation dialog using Symfony's link_to() method. The confirmation dialog text gets some of it's content from a database entry:

<?php echo link_to( "click here", 'category/delete?id='.$id, array( 'confirm' => 'Are you sure you want to delete the category: '.$category->getName().'?' ) ) ?>

But if the database entry has a single quote in it, the confirm dialog doesn't work because the generated JS is surrounded with single quotes. So if I have a category called "John's Articles", the generated JS starts like this:

<a onclick="if (confirm('Are you sure you want to delete the category: John's Articles?')) { var f = document.createElement('form'); f.styl.... etc... "

So, the single quote in there screws up the confirmation, etc...

Anyways I thought I would simply run $category->getName() through addslashes() but it didn't add any slashes... I also tried saving out the category name as a separate variable ahead of time and adding slashes to that. But it didn't add any. Then I started looking at Symfony's escaping methods and found methods like esc_entities() but they resulted in the text looking like John&#039;s Articles.

What do I do? All I want to do is add in a single slash before single quotes in that string. I never tried str_replace("'","\'",$category->getName()) but THAT didn't even do anything. I can create my own basic string in my template like Alex's Test and addslashes() to it just fine. It's just this value from the database that I can't add any slashes to.

When I look at the value in the database, it looks just like John's Articles. There are no special characters or encoded characters.

What am I missing here?

UPDATE

I've tried the following code with the following results:

echo $category->getName()."<br/>";

echo addslashes($category->getName())."<br/>";

$tmp = $category->getName();
echo addslashes($tmp)."<br/>";

$tmp = addslashes($category->getName());
echo $tmp."<br/>";

$tmp = "Testing's the Testing";
echo addslashes($tmp)."<br/>";

$tmp = str_replace("'","\\'",$category->getName());
echo $tmp;

Results:

John's Articles
John's Articles
John's Articles
John's Articles
Testing\'s the Testing
John's Articles

The values from the database simply will not get slashes added to them...

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

冰火雁神 2024-12-05 18:06:57

插入 Javascript 时使用 json_encode()。它专门用于将任意数据结构转换为语法上有效的 Javascript。

<?php echo link_to( ....snip snip...  category: '. json_encode($category->getName()) .'?' ) ) ?>
                                                   ^^^^^^^^^^^^                    ^

将解决该问题,无需任何“有风险的”正则表达式/字符串替换。

use json_encode() when inserting into Javascript. It's specifically intended to turn arbitrary data structures into syntactically valid Javascript.

<?php echo link_to( ....snip snip...  category: '. json_encode($category->getName()) .'?' ) ) ?>
                                                   ^^^^^^^^^^^^                    ^

will take care of the problem, without any "risky" regexes/string replacements.

回复 原文
烟沫凡尘 2024-12-05 18:06:56

看起来你只是使用

addslashes($category->getName())

但你需要将返回值分配给其他变量,例如。

$nameWithSlashes=addslashes($category->getName())

Seems like you just use

addslashes($category->getName())

But you need assign returned value to other variable, ex.

$nameWithSlashes=addslashes($category->getName())
回复 原文
~没有更多了~

关于作者

空城仅有旧梦在

暂无简介

0 文章
0 评论
781 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

尘世孤行

文章 0 评论 0

烟─花易冷

文章 0 评论 0

你是年少的欢喜

文章 0 评论 0

倒带

文章 0 评论 0

忱杏

文章 0 评论 0

送君千里

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文