转义引号,都“”和'
我正在尽力解决这个问题,这让我发疯,我希望我可以使用 preg_replace 或 ereg_replace 来解决这个问题。
基本上我正在输出从新闻文章中获取的文本字符串,我将前 100 个字符四舍五入到最接近的单词末尾,如果“或 ' 出现在 100 个字符的字符串中并且没有结束”或' 存在,这会导致我的 PHP 代码失败。所以我需要编写某种替换代码,以便所有“和”都将替换为“”和“”,这样它们就会被转义并且不会影响我的PHP。
更新
我无法纠正与数据库插入有关的任何内容,因为我正在处理一个非常旧的数据存档,我无法处理并重新输入数据库,所以我坚持使用我所拥有的内容。
这是我的代码:
$text = preg_replace('/\s+?(\S+)?$/', '',substr($text, 0, 100));
echo '<div style="color: #8197cd;" >'.$text.'...</div>';
这样就可以获取我的文本,缩短它并将其放入最接近的单词。
然后我尝试做一些类似的事情:
$text = preg_replace("\"","\"",$text);
$text = preg_replace("\'","\'",$text);
但是 preg_replace 不是我的强项,所以这是完全错误的!
I am trying my best to work this out and it is driving me crazy, I am hoping that I can use either preg_replace or ereg_replace for this.
Basically I am putting out string of text which is taken from a news article, I am taking the first 100 characters rounded to the closest end of word, the problem occurs if a " or ' appears in the 100 characters string and no closing " or ' is present, this then causes my PHP code to fail. So I need to write some kind of replace code so that all " and ' will be replaced with \" and \' so they are escaped and don't affect my PHP.
Update
I cannot correct anything to do with database insertion as I am dealing with a very old archive of data which I cannot process and re-enter into the database so I'm stuck with what I have got there.
This is the code I have:
$text = preg_replace('/\s+?(\S+)?$/', '',substr($text, 0, 100));
echo '<div style="color: #8197cd;" >'.$text.'...</div>';
So that takes my text, shortens it and puts it to the nearest word.
Then I am trying to do something along the lines of:
$text = preg_replace("\"","\"",$text);
$text = preg_replace("\'","\'",$text);
But preg_replace is not a strong point of mine so that is completely wrong!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您正试图解决一个本来不应该出现的问题——很可能是 mySQL 查询中未转义的输入。您需要解决这个问题(这也是一个安全问题)。
显示损坏的代码,我相信有人能够指出需要做什么。
You're trying to fix a problem that shouldn't be there in the first place - most likely unescaped input in a mySQL query. You need to fix that instead (it's also a security problem).
Show the code that breaks, I'm sure someone will be able to point out what needs to be done.
你的问题似乎缺少一些东西。您应该考虑发布有问题的代码。
在您要回显的变量中添加引号不会失败。我唯一能想象导致错误的事情是,如果您使用某种模板系统或代码来获取字符串并使用它在某处执行 eval() ,但这将是一个非常糟糕的系统。
如果要将字符串插入数据库,则需要对这些字符进行转义,如 SiteSafeNL 所提到的。
如果 eval 是问题的根源,那么他还建议的 htmlentities 可以解决它。
根据问题的最新添加内容添加
请尝试以下操作:
并且 preg_replaces 没有用,因此只需省略该代码即可。
Something seems to be missing from your question. You should consider posting the code that is having a problem.
Having quotes inside a variable you are echoing out is not going to fail. The only thing I could imagine causing an error would be if you were using some sort of template system or code that was taking the string and using it to do an eval() somewhere, but that would be a very poor system.
If you are inserting the string into a database, then you would need to escape those characters, as mentioned by SiteSafeNL.
If an eval is the source of the problem, then htmlentities which he also suggested would fix it.
Added based on latest additions to the question
Please try this:
And the preg_replaces are not useful, so simply omit that code.
你不需要像 mysql_real_escape_string 或 html实体?
Don't you need anything like mysql_real_escape_string or htmlentities?