爆炸和foreach问题
用户在如下框中输入网址:
- google.net
- google.com
然后我尝试验证/检查网址,因此:
function check_input($data) {
$data = trim($data);
$data = mysql_real_escape_string($data);
return $data;
}
验证后:
$flr_array = explode("\n", $flr_post);
因此,我可以验证每个网址。但是 mysql_real_escape_string 会在 URL 之间找到空格并添加:
<--print_r information-->
google.net\r\ngoogle.com
我的 URL 应该如下所示:
- google.net
- google.com
如何删除 \r,因为它会破坏其他所有内容? 有没有更好的方法来验证 URL?
尝试使用 str_replace,但没有成功。
A user enters URLs in a box like this:
- google.net
- google.com
I then try to validate / check the URLs, so:
function check_input($data) {
$data = trim($data);
$data = mysql_real_escape_string($data);
return $data;
}
After validation:
$flr_array = explode("\n", $flr_post);
So, I can validate each URL. But mysql_real_escape_string finds spaces between URLs and adds:
<--print_r information-->
google.net\r\ngoogle.com
My URLs should and look like these:
- google.net
- google.com
How do I remove \r, because it breaks everything else?
Is there a better way to validate URLs?
Tried with str_replace, but no luck.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
验证 URL 的最佳方法是使用 PHP 的
filter_var()docs 功能如下:The best way to validate URLs is to use PHP's
filter_var()docs function like so:这就是单引号和双引号之间的区别:
Thats where difference between single and double quotes comes into picture:
使用 preg_split 代替,
它将在有一个或多个 \n 或 \r 的任何地方进行拆分。
你在做什么 mysql_real_escape_string ?这是以后用于数据库的吗?在进行其他处理之前不要进行转义。该处理可能会破坏转义 m_r_e_s() 的功能,但仍然会让您容易受到 SQL 注入的攻击。
m_r_e_s() 必须是在 sql 查询字符串中使用字符串之前对字符串执行的最后一件事。
Use preg_split instead,
That'll split anywhere there's one or more \n or \r.
What are you doing the mysql_real_escape_string for? Is this intended for a database later on? Don't do an escaping BEFORE you do other processing. That processing can break the escaping m_r_e_s() does and still leave you vulnerable to sql injection.
m_r_e_s() MUST be the LAST thing you do to a string before it's used in an sql query string.
您应该使用正则表达式来验证 $flr_array 中的 URL。
使用preg_match(),如果有匹配,它将填充$matches 变量与结果(如果您在函数调用中提供了它)。这就是 php.net 对此的说法:
“如果提供了 matches,那么它将填充搜索结果。$matches[0] 将包含与完整模式匹配的文本,$matches1 将具有与第一个捕获的带括号的子模式匹配的文本,依此类推。"
You should use regular expressions to validate URL's in your $flr_array.
With preg_match(), if there is a match it it will fill the $matches variable with results (if you provided it in your function call). This is what php.net has to say about it:
"If matches is provided, then it is filled with the results of search. $matches[0] will contain the text that matched the full pattern, $matches1 will have the text that matched the first captured parenthesized subpattern, and so on."
您可以使用: nl2br() — 在字符串中的所有换行符之前插入 HTML 换行符
示例:
输出:
源: http://php.net/manual/en/function.nl2br.php
You can use : nl2br() — Inserts HTML line breaks before all newlines in a string
Example :
Output :
Source : http://php.net/manual/en/function.nl2br.php