
我刚刚把网站上那个用了十年的普通 bbcode 编辑器换成了最新的 CKEditor。一切正常,只是一旦用 CKEditor 提交评论,输出就会显示成下面这样

<p>Testing</p> 
<p>&nbsp;</p>

所以最终输出的是 HTML 代码本身。我怎样才能让它不显示 HTML 代码,而是真正按 HTML 的含义渲染,例如加粗、斜体、居中等?

顺便说一句,我是网站开发的新手,所以尽可能简单地解释一下,否则我可能不明白你在说什么。我还在下面添加了我正在使用的代码。

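<?php
/*
 * Comments page for a single news post.
 *
 * Shows the post, a paginated list of its comments ($limit per page, with a
 * page selector above and below the list), an AJAX "check for new comments"
 * box and the comment form; a POST from that form stores a new comment and
 * reloads the page.
 *
 * Relies on init.php for $config (mysql_* and template_version keys), ROOT,
 * get_real_ip() and $Std->parseEmoticons(). Only a logged-in session
 * ($_SESSION['auth'] with a matching ip_address and an sid) gets past the
 * guard below; everyone else is redirected to signin.html.
 *
 * Query-string inputs (normally rewritten from comments,<id>,<pg>.html):
 *   id  news id
 *   pg  1-based page number
 * Both are cast to int before they reach any SQL; every other value that is
 * interpolated into a query goes through mysql_real_escape_string().
 */

session_start();

include "init.php";

$pg_title = "Comments";

if(isset($_SESSION['auth']['ip_address'], $_SESSION['auth']['sid']) && $_SESSION['auth']['ip_address'] == ip2long(get_real_ip()))
{
    include ROOT . '/templates/' . $config['template_version'] . '/files/header.php';

    $not_found = '<div style="text-align: center;">The news ID or page number cannot be found in our database.</div>';

    // Missing or non-numeric values become 0 and are rejected below. The
    // previous check, preg_match("/[0-9]+/", ($id or $pg)), matched against
    // the boolean ($id or $pg) - i.e. the string "1" - and so never failed.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $pg = isset($_GET['pg']) ? (int) $_GET['pg'] : 0;

    if($id < 1 or $pg < 1)
    {
        echo $not_found;
        include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
        exit();
    }

    $sql = mysql_connect($config['mysql_host'], $config['mysql_user'], $config['mysql_pass']);
    mysql_select_db($config['mysql_name'], $sql);

    $news = mysql_fetch_array(mysql_query("SELECT * FROM news WHERE id = '$id'", $sql));

    // unknown id: mysql_fetch_array() returns false rather than a row
    if(!$news)
    {
        echo $not_found;
        include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
        exit();
    }

    $limit = 20;
    $comment_num = (int) $news['comments'];
    $pages_num = ceil($comment_num / $limit);
    // link to the last comment page; a post without comments links to page 1
    $comments = '<a href="comments,' . $id . ',' . max(1, $pages_num) . '.html">(<strong>' . $comment_num . '</strong>)</a>';
    $author = htmlspecialchars($news[2], ENT_QUOTES);
?>
        <div class="post">
            <div class="title">
                <div class="left">&nbsp;</div>
                <div class="main">
                    <h2><?php echo stripslashes($news[1]); ?></h2>
                    <p><span>Posted by:</span> <a href="profile,<?php echo strtolower($author); ?>.html"><?php echo ucwords($author); ?></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span>On:</span> <?php echo $news[4]; ?></p>

                </div>
                <div class="comment"><?php echo $comments; ?></div>
                <div class="right">&nbsp;</div>
                <div class="clr">&nbsp;</div>
            </div>
            <div class="entry">
                <p><?php echo stripslashes($news[3]); ?></p>

            </div>
        </div>



<?php

    // first row of this page; $pg >= 1, so this is never negative
    $limit_value = ($pg - 1) * $limit;

    $comment_list = mysql_query("SELECT * FROM comments WHERE news_id = '$id' LIMIT $limit_value, $limit", $sql);
    $has_comments = mysql_num_rows($comment_list) != 0;

    if(!$has_comments) {
            echo '<div style="text-align: center; margin-bottom: 20px;"><em>No comments have been posted yet.</em></div>';
    }
?>
<style type="text/css">
<!--
table, tr, td { border: 1px solid #2e2e2e; border-collapse: collapse; }
.bbcode a { margin-left: 5px; padding: 0; float: left; border: 1px solid #242424; line-height: 0; }
.bbcode a:hover { background-color: #242424; border: 1px solid #2e2e2e; }
.bbcode a img { border: 0; }
.spoiler { width: 80%; margin: 10px auto; visibility: hidden; cursor: default; cursor: hand; }
.spoiler div { visibility: visible; text-align: center; border: 1px solid #2e2e2e; background-color: #242424; font-weight: bold; }
.code { margin: 10px 5px; font-family: Courier New; }
-->
</style>
    <?php

    $timenow = time();

    // COUNT(*) instead of fetching every comment row just to count them;
    // shares $limit with the LIMIT clause above (this used to hard-code 20)
    $count_row = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM comments WHERE news_id = '$id'", $sql));
    $cc = ceil($count_row[0] / $limit);

    // The page selector is printed above and below the comment list, so it is built once.
    $pager = '';
    if($has_comments)
    {
        $pager .= '<div style="border: 1px solid #2e2e2e; background: #242424; padding: 2px 4px 2px 4px; margin-bottom: 12px;">
              <div style="float: right; margin-top: 3px;">Current Page: '.$pg.' of '.$cc.'</div>';
        $pager .= "<form name=\"pageForm\" method=\"get\" action=\"\" style=\"margin: 0px; padding: 0px;\">Go to page: <select name=\"pg\" onchange=\"document.location=this.value\" style='width: 40px;'>";

        for($i = 1; $i <= $cc; $i++)
        {
            $selected = ($i == $pg) ? ' selected="selected"' : '';
            $pager .= "<option value=\"comments,$id,$i.html\"$selected>$i</option>";
        }

        $pager .= "</select> of $cc</form>";
        $pager .= '</div>';
    }

    echo $pager;

    // Post-count ceilings for the automatic rank title, lowest first; anything
    // above the last step is "Hokage" (8001 used to fall through with no title).
    $rank_steps = array(
        200 => "Human", 500 => "Student Exorcist", 700 => "Novice Exorcist", 800 => "Advanced Exorcist",
        900 => "Equip Type Exorcist", 1000 => "Parasite Type Exorcist", 1200 => "Division Leader",
        1500 => "General", 1800 => "Akuma", 2000 => "Akuma Level 2", 2500 => "Akuma Level 3",
        3500 => "Akuma Level 4", 4500 => "Noah Family Member", 5000 => "S-Class Missing-nin",
        6000 => "Legendary Sannin", 8000 => "Kage"
    );
    $admin_badge = "<span style='font-weight: bold; color: royalblue;'>Administrator</span>";

    while($row = mysql_fetch_array($comment_list))
    {
        // The poster name comes back from the database and is reused in hrefs,
        // text and a second query, so it is escaped once per context.
        $poster = htmlspecialchars($row['poster'], ENT_QUOTES);
        $x = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '" . mysql_real_escape_string($row['poster'], $sql) . "'", $sql));

        if(!$x)
        {
            // the poster's account no longer exists: render the comment with empty profile fields
            $x = array('username' => $row['poster'], 'active' => 0, 'user_avatar' => '', 'custom_rank' => NULL, 'posts' => 0, 'rank' => '0', 'donor' => 0, 'referrals' => 0);
        }

        // "online" means the user's last activity was within the last five minutes
        if($x['active'] < ($timenow - 300))
        {
            $y = '<strong style="color: red;">Offline</strong>';
        }
        else
        {
            $y = '<strong style="color: green;">Online</strong>';
        }

        $username = htmlspecialchars($x['username'], ENT_QUOTES);

        echo '<table width="100%" border="0" cellspacing="0" cellpadding="2" style="margin-bottom: 12px;">';
        echo '<tr>';
        echo '<td align="center" valign="top" width="1%" style="padding: 2px;">';

        // user_avatar looks like "local|<file suffix>" for an uploaded avatar (TODO confirm
        // against the upload code); fall back to the placeholder when the file is missing
        // instead of letting getimagesize() warn.
        $ava = explode("|", $x['user_avatar']);
        $img = false;
        $avatar_file = '';
        if($ava[0] == "local" && isset($ava[1]))
        {
            $avatar_file = strtolower($x['username']) . $ava[1];
            if(is_file(ROOT . "/images/uploads/avatars/" . $avatar_file))
            {
                $img = getimagesize(ROOT . "/images/uploads/avatars/" . $avatar_file);
            }
        }
        if($img)
        {
            echo '<img src="images/uploads/avatars/' . htmlspecialchars($avatar_file, ENT_QUOTES) . '" width="'.$img[0].'" height="'.$img[1].'" alt="'.ucwords($username).'\'s Avatar" />';
        }
        else
        {
            echo '<img src="templates/v3/images/no_avatar.gif" width="75" height="75" alt="No Avatar" />';
        }

        echo "<div style='margin-top: -2px; text-align: center;'>";
        if($x['custom_rank'] === NULL or $x['custom_rank'] === '')
        {
            if($x['rank'] == "1")
            {
                echo $admin_badge;
            }
            else
            {
                $posts = (int) $x['posts'];
                $title = "Hokage";
                foreach($rank_steps as $max_posts => $name)
                {
                    if($posts <= $max_posts)
                    {
                        $title = $name;
                        break;
                    }
                }
                echo $title;
            }
        }
        else
        {
            echo '<span style="color: maroon;">'.$x['custom_rank'].'</span>';
            if($x['rank'] == "1")
            {
                echo "<br />" . $admin_badge;
            }
        }
        echo "</div>";
        echo "<div style='text-align: center;'>";
        echo "<strong>Posts:</strong> " . (int) $x['posts'];
        echo "</div>";
        echo '</td>';

        // The stored comment is HTML produced by the submit branch below (escaped
        // input plus the BBCode tags it turned into markup), so it is printed as-is.
        echo '<td align="left" valign="top" style="background: #242424;"><div style="border-bottom: 1px solid #2e2e2e; background: #323232;"><div style="padding: 2px;">Posted by <strong><a href="profile,'.strtolower($poster).'.html">'.ucwords($poster).'</a></strong> on '.$row['date'].'</div></div><div style="padding: 2px;">'.stripslashes($row['comment']).'</div></td>';
        echo '</tr>';
        if($x['donor'] == 1 or $x['referrals'] >= 25)
        {
            $xxx = '<em style="font-size: 11px; font-weight: bold; color: #1b9eb2;">Supportive Member!</em>';
        }
        else
        {
            $xxx = "";
        }
        echo '<tr><td colspan="2" align="right" style="background: #323232; padding: 2px;"><div style="float: left;">'.$xxx.'</div>'.ucwords($poster).' is '.$y.' | <a href="#quoteMessage" onClick="mQuoteMessage('.(int) $row['id'].'); return false;">Quote Comment</a> | <a href="message,'.strtolower($poster).'.html">Private Message</a></td></tr>';
        echo '</table>';
    }

?>
<a name="checkComments"></a>
<script type="text/javascript">
  var newComment = 'null';

  // GET url and hand the response to doContents(); returns false when no
  // XMLHttpRequest implementation is available.
  function makeRequest(url) {
    var http_request = false;

    if (window.XMLHttpRequest) { // Mozilla, Safari, ...
      http_request = new XMLHttpRequest();
            if (http_request.overrideMimeType) {
                http_request.overrideMimeType('text/xml');
            }
        } else if (window.ActiveXObject) { // IE
            try {
                http_request = new ActiveXObject("Msxml2.XMLHTTP");
            } catch (e) {
                try {
                    http_request = new ActiveXObject("Microsoft.XMLHTTP");
                } catch (e) {}
            }
        }

        if (!http_request) {
            return false;
        }
          http_request.onreadystatechange = function() { doContents(http_request); };
          http_request.open('GET', url, true);
          http_request.send(null);
    }

    // com_update.php answers with the number of comments posted since this page
    // was rendered; anything above 0 offers a reload.
    function doContents(http_request) {

        if (http_request.readyState == 4) {
            if (http_request.status == 200) {
                newComment = http_request.responseText;
            if (newComment > 0) {
            document.getElementById('comCheck').innerHTML = 'There are ' + newComment + ' new comments. Would you like to?<br /><a href="#checkComments" onclick="SetDefault();">cancel</a> <a href="#checkComments" onclick="location.reload();">reload</a>';
        } else {
            document.getElementById('comCheck').innerHTML = 'No new comments found. <br /><a href="#checkComments" onclick="StartScan();">Try again</a>';
        }
            }
        }

    }
function SetDefault() {
   document.getElementById('comCheck').innerHTML = '<a href="#checkComments" onclick="StartScan();">Check for new comments</a>';
}
function StartScan() {
   document.getElementById('comCheck').innerHTML = 'Checking in progress, please wait...'; 
   // do the online scan; both values are ints, so they can be embedded directly
   makeRequest('com_update.php?id=<?php echo $id; ?>&current=<?php echo $comment_num; ?>');
}
</script>
<div style="border: 1px solid #2e2e2e; background: #242424; padding: 2px 4px 2px 4px; margin-bottom: 12px; text-align: center;" id="comCheck">
<a href="#checkComments" onclick="StartScan();">Check for new comments</a>
</div>
<?php
    echo $pager;
?>
<script type="text/javascript" src="/exec/js/bbcode.js"></script>
<form name="textForm" id="textForm" method="post" action="" style="margin: 0px; padding: 0px;">

        <?php
    if(!isset($_POST['submit']))
    {
        echo '<legend style="color: #1b9eb2;">Comment</legend>';
        echo '<div style="padding-bottom: 4px;"></div>';
        echo '<strong>Body Message:</strong><br /><textarea class="ckeditor" name="textArea" id="textArea" style="width: 100%; height: 100px;">';
        echo '</textarea>';
        echo '<div style="margin-top: 8px;"></div><input type="submit" name="submit" id="submit" value="Post Comment" style="width: 88px;" /> ';
        echo '</form>';

    }
    else
    {

        $comment = isset($_POST['textArea']) ? trim($_POST['textArea']) : '';

        // byte length, 3..3000
        if(strlen($comment) < 3 or strlen($comment) > 3000)
        {

        echo '<fieldset style="padding: 4px; margin-top: 8px;">';
        echo '<legend style="color: #1b9eb2;">Comment</legend>';
        echo '<div style="padding-bottom: 4px; color: red;">The length of the entered comment was insufficient.</div>';
        echo '<strong>Body Message:</strong><br /><textarea class="ckeditor" name="textArea" id="textArea" style="width: 530px; height: 100px;">';
        echo '</textarea>';
        echo '</fieldset>';
        echo '<div style="margin-top: 8px;"></div><input type="submit" name="submit" id="submit" value="Post Comment" style="width: 88px;" /> <input type="reset" name="reset" id="reset" value="Reset Friends" style="width: 87px;" />';
        echo '</form>';

        }
        else
        {
                $date = date("l, F jS, Y \a\\t h:i:s A");

                // Every '<' and '>' the editor produced becomes &lt; / &gt; here, which is
                // why CKEditor's markup shows up verbatim on the page. Dropping this call
                // would make any submitted markup, scripts included, run in every reader's
                // browser; rendering editor HTML needs a server-side allow-list sanitiser
                // (e.g. HTML Purifier) in its place, not just the removal of this line.
                $comment = htmlspecialchars($comment);

        // ADVANCED BBCODE PREG PATTERNS - DON'T EVEN DARE TO MODIFY :)))
        $validUsername = "[a-zA-Z0-9]{3,16}";
        $validDate = "[a-zA-Z0-9]+,\s?[a-zA-Z]+\s+\d+[a-zA-Z]+,\s?\d+\s+\d{2}\:\d{2}\:\d{2}\s+[a-zA-Z]{2}";
        // Only http(s) URLs: the value lands in an href, so a scheme such as
        // javascript: must not get through (this used to be ".*?").
        $validURL = "https?:\/\/[^\s\[\]]+?";
        $quoteBBCodePattern = '/\[QUOTE=('.$validUsername.'),\s?('.$validDate.')\](.*?)\[\/QUOTE\]/xs';
        $urlBBCodePattern = '/\[URL=('.$validURL.')\](.*?)\[\/URL\]/';
        // SIMPLE BBCODE REPLACE
        $comment = preg_replace("/\[(B|b|I|i|U|u)\]/", "<$1>", $comment);
        $comment = preg_replace("/\[\/(B|b|I|i|U|u)\]/", "</$1>", $comment);
        $comment = preg_replace("/\[(CODE|code)\](.*?)\[\/(CODE|code)\]/xs", '<div class="code">\\2</div>', $comment);
        $comment = preg_replace("/\[URL\]((http:\/\/)?(.*?))\[\/URL\]/", "<a href=\"http://\\3\">\\1</a>", $comment);
        $comment = preg_replace("/\[QUOTE\](.*?)\[\/QUOTE\]/xs", "<div class=\"quote\">$1</div>", $comment);
        $comment = preg_replace("/\[SPOILER\](.*?)\[\/SPOILER\]/xs", "<div class=\"spoiler\" onclick=\"this.style.visibility='visible';\"><div>SPOILER</div>$1</div>", $comment);
        // ADVANCE BBCODE REPLACE
        // (the replacement was single-quoted with \" inside, so the backslashes
        // ended up in the stored HTML; plain double quotes are what is wanted)
        $comment = preg_replace($quoteBBCodePattern, '<div class="quote">$1 on $2<div class="under">$3</div></div>', $comment);
        $comment = preg_replace($urlBBCodePattern, '<a href="$1">$2</a>', $comment);

                $comment = nl2br($Std->parseEmoticons($comment));

                // everything that reaches the queries is escaped for the open connection
                $poster_name = mysql_real_escape_string(ucwords($_SESSION['auth']['username']), $sql);
                $uid = mysql_real_escape_string($_SESSION['auth']['uid'], $sql);
                mysql_query("INSERT INTO comments (news_id, poster, date, comment) VALUES ('$id', '$poster_name', '$date', '" . mysql_real_escape_string($comment, $sql) . "')", $sql);
                mysql_query("UPDATE news SET comments = (comments + 1) WHERE id = '$id'", $sql);
                mysql_query("UPDATE users SET posts = (posts + 1) WHERE id = '$uid'", $sql);

                // Output has already started, so a Location header is not an option;
                // the URL is JSON-encoded with the HEX flags so it cannot break out of
                // the string literal or close the script element.
                echo "<script type='text/javascript'>document.location=" . json_encode($_SERVER['REQUEST_URI'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . "</script>";
                echo '</form>';

        }

        }

        include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';

} else {
        header("Location: signin.html");
        exit();
}

?>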



$comment = htmlspecialchars($comment);

问题就出在这一行:它把所有的 < 和 > 都转换了,因此它们是以 &lt; 和 &gt; 的形式存进数据库的。

于是浏览器把它们显示为字面上的 < 和 >,而不是当作 HTML 来解析。(注意:直接去掉这一步会让用户提交的任何标签原样执行;要渲染编辑器输出,应改用白名单式的 HTML 净化。)

参考:htmlspecialchars

于 2013-01-06T19:40:45.583 回答