0

允许用户输入的片段

//fetch user input and pass it in URL
alertify.prompt("Please enter note/remarks for this Form (optional):", function (e,value) {
    if (e) {
               alertify.success("Form has been submitted");
               $.post(SITE_URL+"someController/someAction",$("#frm_submit").serialize()+ "&user_id="+user_id+"&comment="+value, function( data ) {
           });

    }else{
       alertify.error("Your Form is not submitted");
    }
});

用户输入:我的项目 Google R&D for each googler

当表单发布时,输入不完整并显示如下

echo $_POST['comment']打印我的项目 Google R

在这里,如果用户输入像注释中的特殊字符&,它会破坏输入

尝试使用htmlentities($_POST['comment'])htmlspecialchars($_POST['comment'], ENT_QUOTES, 'UTF-8')不工作。

我怎么能允许用户输入特殊字符?

PS:我没有在数据库中保存这个值

4

3 回答 3

1

正如 Daan 建议的那样,&在 javascript 中破坏 URL。请找到对我有用的更新片段

//fetch user input and pass it in URL
alertify.prompt("Please enter note/remarks for this Form (optional):", function (e,value) {
    if (e) {

               alertify.success("Form has been submitted");

               //encodes special characters in user comment
               var comment = encodeURIComponent(value);

               $.post(SITE_URL+"someController/someAction",$("#frm_submit").serialize()+ "&user_id="+user_id+"&comment="+comment, function( data ) {
           });

    }else{
       alertify.error("Your Form is not submitted");
    }
});
于 2015-07-02T06:55:39.103 回答
0

使用 post 参数发送您的数据。

$.ajax({
  type: "POST",
  url: your_url,
  data: { user_id: user_id, comment: value } 
});
于 2015-07-02T06:43:38.880 回答
0

尝试这个:

stripslashes($_POST['comment'])
于 2015-07-02T06:44:31.207 回答