0

What's the best way to display a person's height with feet and inches as a string and also prevent sql injection as well as ensure proper input format? Ideally, I'd like to display it like 5'11" as an example.

$height = $_POST['height'];
$height = stripslashes($height);

The problem with this is, although in MySQL its stored as 5'11", when it outputs on the page it displays it as 5'11 without the double quote at the end.

Is there a better way to do this? I am also considering trying to separate the height into two separate textfield inputs, one for feet and one for inches.. then combining the two to display as one.

Suggestions?

4

2 回答 2

1

要显示您需要转义的引号:

echo "5\' 11\"";

将输出:

5' 11"

在插入数据库之前,您可以使用addlashes转义所有字符(需要转义的)。然后,为了增加安全性,您应该查看准备好的语句

于 2013-03-28T05:50:58.207 回答
0

您可以用一点创意过滤内容,以使其保持一致。在此示例中,我将使用 htmlentities 转换所有内容,但没有必要以这种方式将它们存储在数据库中。您需要确保在数据库注入之前对 PDO 使用 mysqli_real_escape_string() 或 quote() 之类的东西。

<?php
    //$height = $_POST['height'];
    $heights = array('5\' 6"','5ft 6in','5 feet 6 inches','5.5\'','5\'6"','5 1/2\'','3 foot 5 inches','2ft 8in','3 1/4in','3 1/4ft');

    $patterns = array(
    //Double Quotes
    '!&#34;!',
    '!&ldquo;!',
    '!&rdquo;!',
    '!&#8220;!',
    '!&#8221;!',
    '!&Prime;!',
    '!&#8243;!',
    '!in(ch(es)?|\.)?!',

    //Single Quotes
    '!&acute;!',
    '!&lsquo;!',
    '!&#[0]?39;!',
    '!&rsquo;!',
    '!&#8216;!',
    '!&#8217;!',
    '!&#8242;!',
    '!&prime;!',
    '!f(oo|ee)?t\.?!',

    //Conversions
    '!( 1/2|\.5)&apos;!',
    '!( 1/4|\.25)&apos;!',
    '!( 1/3|\.3(3(3)?)?)&apos;!',
    '!( 3/4|\.75)&apos;!',

    //cleanup
    '! (&)!',
    '!;([0-9])!',

    //fraction to decimal inch conversions
    '! 1/2!','! 1/4!','! 1/3!','! 3/4!',

    );

    $replacements = array(
    '&quot;','&quot;','&quot;','&quot;','&quot;','&quot;','&quot;','&quot;',
    '&apos;','&apos;','&apos;','&apos;','&apos;','&apos;','&apos;','&apos;','&apos;',
    '&apos; 6&quot;','&apos; 3&quot;','&apos; 4&quot;','&apos; 9&quot;',"$1","; $1",
    '.5','.25','.33','.75',
    );
        echo "<pre>";
    foreach($heights as $value){
        $value = htmlentities($value,ENT_QUOTES);

        echo "$value becomes ".preg_replace($patterns,$replacements,$value)."\n";
    }
        echo "</pre>";
?>

输出看起来像

5' 6" becomes 5' 6"
5ft 6in becomes 5' 6"
5 feet 6 inches becomes 5' 6"
5.5' becomes 5' 6"
5'6" becomes 5' 6"
5 1/2' becomes 5' 6"
3 foot 5 inches becomes 3' 5"
2ft 8in becomes 2' 8"
3 1/4in becomes 3.25"
3 1/4ft becomes 3' 3"
于 2013-03-28T06:33:29.567 回答