1. 首页
  2. 问答
  3. PHP和MySQL的问题?

PHP和MySQL的问题?

2010-03-31 73 views
0

当我的代码被存储并保存并推出时,我在输出文本中不断得到这些斜杠\\\\\。我怎样才能摆脱这些斜线?PHP和MySQL的问题?

这里是PHP代码。

if (isset($_POST['submitted'])) { // Handle the form. 


require_once '../../htmlpurifier/library/HTMLPurifier.auto.php'; 

$config = HTMLPurifier_Config::createDefault(); 
$config->set('Core.Encoding', 'UTF-8'); // replace with your encoding 
$config->set('HTML.Doctype', 'XHTML 1.0 Strict'); // replace with your doctype 
$purifier = new HTMLPurifier($config); 


$mysqli = mysqli_connect("localhost", "root", "", "sitename"); 
$dbc = mysqli_query($mysqli,"SELECT users.*, profile.* 
           FROM users 
           INNER JOIN contact_info ON contact_info.user_id = users.user_id 
           WHERE users.user_id=3"); 

$about_me = mysqli_real_escape_string($mysqli, $purifier->purify($_POST['about_me'])); 
$interests = mysqli_real_escape_string($mysqli, $purifier->purify($_POST['interests'])); 



if (mysqli_num_rows($dbc) == 0) { 
     $mysqli = mysqli_connect("localhost", "root", "", "sitename"); 
     $dbc = mysqli_query($mysqli,"INSERT INTO profile (user_id, about_me, interests) 
            VALUES ('$user_id', '$about_me', '$interests')"); 
} 



if ($dbc == TRUE) { 
     $dbc = mysqli_query($mysqli,"UPDATE profile 
            SET about_me = '$about_me', interests = '$interests' 
            WHERE user_id = '$user_id'"); 

     echo '<p class="changes-saved">Your changes have been saved!</p>'; 
} 


if (!$dbc) { 
     // There was an error...do something about it here... 
     print mysqli_error($mysqli); 
     return; 
} 

}


这里是XHTML代码。

<form method="post" action="index.php"> 
    <fieldset> 
     <ul> 
      <li><label for="about_me">About Me: </label> 
      <textarea rows="8" cols="60" name="about_me" id="about_me"><?php if (isset($_POST['about_me'])) { echo mysqli_real_escape_string($mysqli, $_POST['about_me']); } else if(!empty($about_me)) { echo mysqli_real_escape_string($mysqli, $about_me); } ?></textarea></li> 

      <li><label for="my-interests">My Interests: </label> 
      <textarea rows="8" cols="60" name="interests" id="interests"><?php if (isset($_POST['interests'])) { echo mysqli_real_escape_string($mysqli, $_POST['interests']); } else if(!empty($interests)) { echo mysqli_real_escape_string($mysqli, $interests); } ?></textarea></li> 

      <li><input type="submit" name="submit" value="Save Changes" class="save-button" /> 
       <input type="hidden" name="submitted" value="true" /> 
      <input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li> 
     </ul> 
    </fieldset> 

</form>

来源

2010-03-31 TaG

+3

在xhtml代码中:你正在使用'mysql_real_escape_string'错误,它是为了逃避进入数据库的东西。你想要的是'htmlspecialchars'。 – SeanJA 2010-03-31 04:09:45

+0

数据中是否存在实际的斜杠,即存储在数据库中?您可能会打开可怕的“magic_quotes”,并且双重转义您的输入。 – bdl 2010-03-31 04:15:51

回答

-1

当你从MySQL提取数据,你会希望通过它来运行它弄干净输出:

$clean_value = stripslashes($value);

来源

2010-03-31 04:07:35 swt83

+0

这会剥离我的HTML标记中的斜线吗? – TaG 2010-03-31 04:09:35

+0

我不这么认为,但我不确定。尝试阅读关于它 - http://php.net/manual/en/function.stripslashes.php – swt83 2010-03-31 04:13:59

相关问题

 相关问题