0

我有一个有趣的问题。我有下面的代码$_POST['content']$_POST['page']. 我试图写的“内容”是“HTML”(见下文)但是,实际写的内容是

<footer> 
        <div class="grid_16"> 
                <div class="wrapper"> 
                        <span class="right"><!-- {%FOOTER_LINK} --></span>

即:缺少大部分内容。

任何指导将不胜感激

<?php

if (!$_POST['content'] && !$_POST['page'])
    return false;

$content = $_POST['content'];
$page = $_POST['page'];

$fp = fopen('content/'.$page, 'w');

fwrite($fp, htmlspecialchars($content));

fclose($fp);

?>

$_POST['content']是:

<footer> 
    <div class="grid_16"> 
        <div class="wrapper"> 
            <span class="right"><!-- {%FOOTER_LINK} --></span> l
            la-panacee &copy; 2013 &nbsp;|&nbsp; 
            <a href="privacyStatement.php">Privacy policy</a>
        </div> 
    </div>
 </footer>
4

1 回答 1

0

截断 HTML 的原因可能是因为 $_POST 变量中存在未编码的 & 符号。

RFC 2396:统一资源标识符 (URI):通用语法

2.2. Reserved Characters

   Many URI include components consisting of or delimited by, certain
   special characters.  These characters are called "reserved", since
   their usage within the URI component is limited to their reserved
   purpose.  If the data for a URI component would conflict with the
   reserved purpose, then the conflicting data must be escaped before
   forming the URI.

      reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                    "$" | ","

   The "reserved" syntax class above refers to those characters that are
   allowed within a URI, but which may not be allowed within a
   particular component of the generic URI syntax; they are used as
   delimiters of the components described in Section 3.
于 2013-01-11T03:45:11.957 回答