0

我有一个 html 表单,我的网站的用户可以输入,单击提交,然后 mysql 将其插入数据库,并且由于某种原因,当它被提交到我的长文本和 utf8_unicode_ci 格式的“bio”列时,如果用户键入jame 显示为 jame\'s,我不想要这些斜线。

有谁知道为什么会发生这种情况以及我如何摆脱斜线?谢谢

html:

<form action="includes/changebio.php" method="post" id="form1">         
 <textarea id="bio" style="width: 448px; 
    margin-top:3px;
    text-align:left;
    margin-left:-2px;
    height: 120px;
    resize: none; 
    border: hidden;" textarea name="bio" data-id="bio" maxlength="710"><?php echo htmlspecialchars($profile['bio']); ?></textarea>
<input type="image" src="assets/img/icons/save-edit.png"class="bio-submit" name="submit" value="submit" id="submit"/>
</form>

php:

<?php ob_start(); ?>
<?php
require_once("session.php"); 
require_once("functions.php");
require('_config/connection.php');
?>
<?php 
session_start();
include '_config/connection.php'; 
$bio = htmlspecialchars($_POST['bio']); 
$result = mysql_query("SELECT bio FROM ptb_profiles WHERE id=".$_SESSION['user_id']."");
if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else 
if($bio!= mysql_result($result, 0)) 
{ 
echo ""; 
    $sql=mysql_query("UPDATE ptb_profiles SET bio ='".mysql_real_escape_string($bio)."' WHERE id=".$_SESSION['user_id'].""); 
}
header("Location: {$_SERVER['HTTP_REFERER']}");
?>
<?php ob_end_flush() ?>
4

3 回答 3

1

Your server is probably quite old and it has enabled a good old PHP "feature" called Magic Quotes. That feature should have never existed in the first place and the best think you can do is trying to disable it.

于 2013-03-05T12:14:42.557 回答
0

利用strip_slashes

echo strip_slashes($string);

用这个 :

<?php echo htmlspecialchars(strip_slashes($profile['bio'])); ?>
于 2013-03-05T12:08:42.313 回答
-1

你在你的 sql 查询mysql_real_escape_string()中通过在它变成 \' 之前输入 \ 来逃避任何 ' 标记

所以 \' 存储在您的数据库中,然后当您在屏幕上显示输出时需要删除斜杠,以便您<?php echo stripslashes($profile['bio']); ?在文本区域中执行 >

请参阅stripslashes()mysql_real_escape_string()

您可能还想考虑转换为使用 PDO 或 mysqli 而不是旧的 mysql_ 函数,因为它们现在已被弃用

于 2013-03-05T12:12:19.773 回答