如何使用php
从mysql中检索div标签我成功地使用mysql_real_escape_string($test)将div标签插入mysql,但是当我使用相同的mysql_real_escape_string(field)从mysql检索相同的字段时遇到问题,请为此提供解决方案...
答案 0 :(得分:0)
使用php函数stripslashes(field)
答案 1 :(得分:0)
//mysql_real_escape_string() is only used in inserting special chars like ' and " by escaping it.it puts \ before ' or " to be \' or \"
//it is very handy also in handling injection against hackers
//conclusion mysql_real_escape_string() only used in insert queries.
//if you want to retrieve it from db follow this example
$connected=mysql_connect($your_db_host,$your_db_uname,$your_db_pass);
if(!$connected){
die(mysql_error());
}
mysql_select_db($your_db_name) or die(mysql_error());
mysql_query("SET NAMES utf8") or die(mysql_error());
mysql_query("SET CHARSET utf8") or die(mysql_error());
$sql="SELECT your_field FROM your_table WHERE id='".intval($_GET["your_id"])."' ";
//always use intval with integers to prevent injection
//assuming the id is in _GET array
$results=mysql_query($sql);
if(!$results){
echo 'no data found!';
//die(mysql_error());
}else{
while($row=mysql_fetch_array($results)){
echo "my filed value : ".stripslashes($row["your_field"]);
//stripslashes() is used to remove \" and \' ==> to be ' and " only without slashes
echo "<br/>";
//if your field contains <html> tags or <div> the browser will understand it automatically and translates it
//notice if you need to echo html content in <input> field for example ==> you need to htmlentities($the_out) before print it.
//for example <input id='myinput' name='myinput' value='<?php echo htmlentities($row["your_field"]);?>' />
//why ? because if your $row["your_field"] contains html tags within -> it will break the input structure
//it would be something corrupt like
// <input id='myinput' name='myinput' value='<div><p><strong>blablabla</strong>blablabla</p></div>' />
}
}