PHP version: 5.3.19, MySQL version: 5.0.96
I have a database table with a field that contains XML data:
XML data:
<?xml version="1.0"?>
<book>
  <page>
    <data>Page 1</data>
  </page>
  <page>
    <data>Page 2</data>
  </page>
  <page>
    <data>Page 3</data>
  </page>
</book>
I have successfully displayed the XML data, and now I am trying to update it with PHP.
PHP code:
$id = 1;
$fav_id = $id;
$userid = 1;
$data_update = '<p style="text-align: center;"><span style="text-decoration: underline; font-size: xx-large;"><em><strong>Title</strong></em></span></p>';
$page_number = 0;
mysql_select_db($database_main, $main);
$query_Recordset1 = "SELECT * FROM projects WHERE id = $id";
$Recordset1 = mysql_query($query_Recordset1, $main) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
$xmldata = (string)$row_Recordset1['projectData'];
$parsed = simplexml_load_string($xmldata);
$data = $parsed->xpath('//data');
$data[$page_number] = $data_update;
$x = 0;
$array_length = count($data);
while($x < $array_length){
    if($x==0){
        $finalData .= '<?xml version="1.0"?><book>';
    }
    $finalData .= "<page><data>$data[$x]</data></page>";
    if($x==$array_length-1){
        $finalData .= "</book>";
    }
    $x++;
}
$FinalData = mysql_real_escape_string($finalData);
$updateSQL = "UPDATE projects SET projectData=$finalData WHERE id=$fav_id";
mysql_select_db($database_main, $main);
$Result1 = mysql_query($updateSQL, $main) or die(mysql_error());
I want the final result to be:
<?xml version="1.0"?>
<book>
  <page>
    <data>
      <p style="text-align: center;">
        <span style="text-decoration: underline; font-size: xx-large;">
          <em><strong>Title</strong></em>
        </span>
      </p>
    </data>
  </page>
  <page>
    <data>Page 2</data>
  </page>
  <page>
    <data>Page 3</data>
  </page>
</book>
However, when I try addslashes() and mysql_real_escape_string(), I get:
Data:
<p center;\\\"="" style="\\\"text-align:">
<span xx-large;\\\"="" font-size:="" underline;="" style="\\\"text-decoration:">
<em>
<strong>Title</strong>
</em>
</span>
</p>
My question is why these two functions [addslashes() and mysql_real_escape_string()] give me the result above, and how can I prevent it from happening?
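
An added example, not part of the original question and not the asker's code: one way to do the same update with the XML edited through DOMDocument and the result bound as a query parameter, so no addslashes() or mysql_real_escape_string() call touches the markup. The in-memory SQLite database reached through PDO, the shortened replacement markup and the function name replacePageData are assumptions standing in for the question's MySQL `projects` table and data.

```php
<?php
// Constructed sample data mirroring the question's document and update.
$xml = '<?xml version="1.0"?><book><page><data>Page 1</data></page>'
     . '<page><data>Page 2</data></page><page><data>Page 3</data></page></book>';
$dataUpdate = '<p style="text-align: center;"><em><strong>Title</strong></em></p>';
$pageNumber = 0;
$id = 1;

// Assumption: in-memory SQLite stands in for the MySQL `projects` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, projectData TEXT)');
$pdo->prepare('INSERT INTO projects (id, projectData) VALUES (?, ?)')
    ->execute(array($id, $xml));

// Hypothetical helper: replace the content of the Nth <data> element with markup.
function replacePageData($xml, $pageNumber, $markup)
{
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml)) {
        throw new RuntimeException('Stored document is not well-formed XML');
    }
    $target = $doc->getElementsByTagName('data')->item((int) $pageNumber);
    if ($target === null) {
        throw new OutOfRangeException('No such page');
    }
    // Parse the replacement as XML nodes; malformed markup is rejected here
    // instead of being concatenated into the document as a string.
    $fragment = $doc->createDocumentFragment();
    if (!@$fragment->appendXML($markup)) {
        throw new InvalidArgumentException('Replacement is not well-formed XML');
    }
    while ($target->firstChild) {
        $target->removeChild($target->firstChild);
    }
    $target->appendChild($fragment);
    return $doc->saveXML();
}

// Values reach the database only as bound parameters, never inside the SQL text.
$sel = $pdo->prepare('SELECT projectData FROM projects WHERE id = ?');
$sel->execute(array($id));
$updated = replacePageData($sel->fetchColumn(), $pageNumber, $dataUpdate);

$upd = $pdo->prepare('UPDATE projects SET projectData = ? WHERE id = ?');
$upd->execute(array($updated, $id));

$sel->execute(array($id));
echo $sel->fetchColumn(), "\n"; // stored XML with the style attributes intact
```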