1

How to retrieve a div tag from MySQL using PHP

I successfully inserted a div tag into mysql using mysql_real_escape_string($test), but I run into a problem when I retrieve the same field from mysql using mysql_real_escape_string(field). Please tell me a solution for this...

4

2 Answers

0
    // mysql_real_escape_string() is only used when inserting special chars like ' and ", by escaping them. It puts \ before ' or " so they become \' or \"
    // it is also very handy for handling injection by hackers
    // conclusion: mysql_real_escape_string() is only used in insert queries.

    // if you want to retrieve it from the db, follow this example
    $connected = mysql_connect($your_db_host, $your_db_uname, $your_db_pass);
    if (!$connected) {
        die(mysql_error());
    }
    mysql_select_db($your_db_name) or die(mysql_error());
    mysql_query("SET NAMES utf8") or die(mysql_error());
    mysql_query("SET CHARSET utf8") or die(mysql_error());
    $sql = "SELECT your_field FROM your_table WHERE id='" . intval($_GET["your_id"]) . "' ";
    // always use intval with integers to prevent injection
    // assuming the id is in the _GET array
    $results = mysql_query($sql);
    if (!$results) {
        echo 'no data found!';
        //die(mysql_error());
    } else {
        while ($row = mysql_fetch_array($results)) {
            echo "my field value : " . stripslashes($row["your_field"]);
            // stripslashes() is used to remove the slashes from \" and \' ==> so they become ' and " only
            echo "<br/>";
            // if your field contains <html> tags or <div>, the browser will understand it automatically and render it
            // notice: if you need to echo html content in an <input> field, for example ==> you need to htmlentities($the_out) before printing it.
            // for example <input id='myinput' name='myinput' value='<?php echo htmlentities($row["your_field"]);?>' />
            // why? because if your $row["your_field"] contains html tags -> it will break the input structure
            // it would be something corrupt like
            // <input id='myinput' name='myinput' value='<div><p><strong>blablabla</strong>blablabla</p></div>' />
        }
    }
Answered 2013-01-13T12:23:48.887
0

Use the PHP function stripslashes(field)

Answered 2012-12-05T05:33:29.353
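
The store, retrieve and output flow discussed in the answers above, as an added example that is not part of the original posts: it uses PDO bound parameters in place of mysql_real_escape_string(), and encodes only at output time according to the HTML context. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline (the pdo_sqlite extension is required), and the table `snippets`, column `body` and helpers `fetchBody()` and `attr()` are hypothetical names.

```php
<?php
// Added example: SQLite in-memory stands in for MySQL so the script runs offline.
// Table and column names (snippets, body) are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE snippets (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input containing both quote characters and a div tag.
$html = "<div class=\"note\">It's <strong>bold</strong></div>";

// Insert: the value is bound as a parameter, so no escaping function is applied
// and the column stores the string byte for byte.
$insert = $pdo->prepare('INSERT INTO snippets (body) VALUES (:body)');
$insert->execute([':body' => $html]);
$id = (int) $pdo->lastInsertId();

// Retrieve: bind the id as an integer. No escaping or stripslashes() on the result.
function fetchBody(PDO $pdo, int $id): ?string
{
    $select = $pdo->prepare('SELECT body FROM snippets WHERE id = :id');
    $select->bindValue(':id', $id, PDO::PARAM_INT);
    $select->execute();
    $body = $select->fetchColumn();
    return $body === false ? null : $body;
}

// Encode for an HTML attribute or text node; ENT_QUOTES covers both ' and ".
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$stored = fetchBody($pdo, $id);
if ($stored === null) {
    exit("no data found\n");
}

// The round trip must be lossless; a mismatch here means something escaped twice.
if ($stored !== $html) { throw new RuntimeException('stored value differs'); }

// Context 1: markup the application itself authored, rendered as HTML.
echo $stored, "\n";
// Context 2: the same value inside a single-quoted attribute, encoded so the
// quotes and angle brackets cannot terminate the attribute or the tag.
echo "<input id='myinput' name='myinput' value='", attr($stored), "' />\n";
// Context 3: showing the markup as literal text.
echo "<pre>", attr($stored), "</pre>\n";
```

With a MySQL server only the DSN passed to `new PDO(...)` changes; the bound-parameter insert and the output encoding stay the same.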