我刚刚将我的网站编辑器从常规的十年旧bbcode编辑器更改为最新的ckeditor。一切正常,期望一旦用CKeditor提交评论,输出就会显示为
<p>Testing</p>
<p> </p>
所以最后输出会显示html代码。如何让它不显示html代码并实际执行html指定的内容,例如粗体字,斜体,居中等。
顺便说一句,我是网站开发的新手,所以请尽量简单解释一下,否则我可能听不懂你在说什么。我还添加了我正在使用的代码。
<?php
session_start();
include "init.php";
$pg_title = "Comments";
if($_SESSION['auth'] && $_SESSION['auth']['ip_address'] == ip2long(get_real_ip()) && isset($_SESSION['auth']['sid']))
{
include ROOT . '/templates/' . $config['template_version'] . '/files/header.php';
$id = $_GET['id'];
$pg = $_GET['pg'];
if(!preg_match("/[0-9]+/", ($id or $pg)))
{
echo '<div style="text-align: center;">The news ID or page number cannot be found in our database.</div>';
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
exit();
}
if(!isset($id) or !isset($pg) or empty($id) or empty($pg))
{
echo '<div style="text-align: center;">The news ID or page number cannot be found in our database.</div>';
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
exit();
}
$sql = mysql_connect($config['mysql_host'], $config['mysql_user'], $config['mysql_pass']);
mysql_select_db($config['mysql_name'], $sql);
$news = mysql_fetch_array(mysql_query("SELECT * FROM news WHERE id = '$id'"));
$limit = 20;
$comment_num = $news['comments'];
$pages_num = ceil($comment_num/$limit);
$comments = "(<strong>$comment_num</strong>)";
if($pages_num == 0) {
$comments = "<a href=\"comments,".$news[0].",1.html\">$comments</a>";
} else {
$comments = "<a href=\"comments,".$news[0].",$pages_num.html\">$comments</a>";
}
?>
<div class="post">
<div class="title">
<div class="left"> </div>
<div class="main">
<h2><?php echo stripslashes($news[1]); ?></h2>
<p><span>Posted by:</span> <?php echo "<a href=\"profile,".strtolower($news[2]).".html\">".ucwords($news[2])."</a> <span>On:</span> ".$news[4].""; ?></p>
</div>
<div class="comment"><?php echo $comments; ?></div>
<div class="right"> </div>
<div class="clr"> </div>
</div>
<div class="entry">
<p><?php echo stripslashes($news[3]); ?></p>
</div>
</div>
<?php
$limit_value = $pg * $limit - ($limit);
$comment_list = mysql_query("SELECT * FROM comments WHERE news_id = '$id' LIMIT $limit_value, $limit");
if(mysql_num_rows($comment_list) == 0) {
echo '<div style="text-align: center; margin-bottom: 20px;"><em>No comments have been posted yet.</em></div>';
// echo "<div style=\"height: 1px; background: url('http://localhost/projects/bleachexile.com/templates/v3/images/split.gif') repeat-x bottom left; margin: 1px 0px 1px 0px;\"></div>";
}
?>
<style type="text/css">
<!--
table, tr, td { border: 1px solid #2e2e2e; border-collapse: collapse; }
.bbcode a { margin-left: 5px; padding: 0; float: left; border: 1px solid #242424; line-height: 0; }
.bbcode a:hover { background-color: #242424; border: 1px solid #2e2e2e; }
.bbcode a img { border: 0; }
.spoiler { width: 80%; margin: 10px auto; visibility: hidden; cursor: default; cursor: hand; }
.spoiler div { visibility: visible; text-align: center; border: 1px solid #2e2e2e; background-color: #242424; font-weight: bold; }
.code { margin: 10px 5px; font-family: Courier New; }
-->
</style>
<?php
$timenow = time();
$cc = ceil(mysql_num_rows(mysql_query("SELECT * FROM comments WHERE news_id = '$id'"))/20);
if(mysql_num_rows($comment_list) != 0)
{
echo '<div style="border: 1px solid #2e2e2e; background: #242424; padding: 2px 4px 2px 4px; margin-bottom: 12px;">
<div style="float: right; margin-top: 3px;">Current Page: '.$pg.' of '.$cc.'</div>';
echo "<form name=\"pageForm\" method=\"get\" action=\"\" style=\"margin: 0px; padding: 0px;\">Go to page: <select name=\"pg\" onchange=\"document.location=this.value\" style='width: 40px;'>";
for($i = 1; $i <= $cc; $i++)
{
if($i == $pg) {
echo "<option value=\"comments,$id,$i.html\" selected=\"selected\">$i</option>";
} else {
echo "<option value=\"comments,$id,$i.html\">$i</option>";
}
}
echo "</select> of $cc</form>";
echo '</div>';
}
while($row = mysql_fetch_array($comment_list))
{
$x = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '{$row['poster']}'"));
if($x['active'] < ($timenow - 300))
{
$y = '<strong style="color: red;">Offline</strong>';
}
else
{
$y = '<strong style="color: green;">Online</strong>';
}
echo '<table width="100%" border="0" cellspacing="0" cellpadding="2" style="margin-bottom: 12px;">';
echo '<tr>';
?><td align="center" valign="top" width="1%" style="padding: 2px;">
<?php
$ava = explode("|", $x['user_avatar']);
if($ava[0] == "local")
{
$img = getimagesize(ROOT . "/images/uploads/avatars/".strtolower($x['username']).$ava[1]."");
echo '<img src="images/uploads/avatars/' . strtolower($x['username']) . $ava[1] . '" width="'.$img[0].'" height="'.$img[1].'" alt="'.ucwords($x['username']).'\'s Avatar" />';
}
else
{
echo '<img src="templates/v3/images/no_avatar.gif" width="75" height="75" alt="No Avatar" />';
}
echo "<div style='margin-top: -2px; text-align: center;'>";
if ($x['custom_rank'] == NULL) {
if($x['posts'] <= 200 and $x['rank'] != "1") {
echo "Human";
} elseif($x['posts'] > 200 and $x['posts'] <= 500 and $x['rank'] != "1") {
echo "Student Exorcist";
} elseif($x['posts'] > 500 and $x['posts'] <= 700 and $x['rank'] != "1") {
echo "Novice Exorcist";
} elseif($x['posts'] > 700 and $x['posts'] <= 800 and $x['rank'] != "1") {
echo "Advanced Exorcist";
} elseif($x['posts'] > 800 and $x['posts'] <= 900 and $x['rank'] != "1") {
echo "Equip Type Exorcist";
} elseif($x['posts'] > 900 and $x['posts'] <= 1000 and $x['rank'] != "1") {
echo "Parasite Type Exorcist";
} elseif($x['posts'] > 1000 and $x['posts'] <= 1200 and $x['rank'] != "1") {
echo "Division Leader";
} elseif($x['posts'] > 1200 and $x['posts'] <= 1500 and $x['rank'] != "1") {
echo "General";
} elseif($x['posts'] > 1500 and $x['posts'] <= 1800 and $x['rank'] != "1") {
echo "Akuma";
} elseif($x['posts'] > 1800 and $x['posts'] <= 2000 and $x['rank'] != "1") {
echo "Akuma Level 2";
} elseif($x['posts'] > 2000 and $x['posts'] <= 2500 and $x['rank'] != "1") {
echo "Akuma Level 3";
} elseif($x['posts'] > 2500 and $x['posts'] <= 3500 and $x['rank'] != "1") {
echo "Akuma Level 4";
} elseif($x['posts'] > 3500 and $x['posts'] <= 4500 and $x['rank'] != "1") {
echo "Noah Family Member";
} elseif($x['posts'] > 4500 and $x['posts'] <= 5000 and $x['rank'] != "1") {
echo "S-Class Missing-nin";
} elseif($x['posts'] > 5000 and $x['posts'] <= 6000 and $x['rank'] != "1") {
echo "Legendary Sannin";
} elseif($x['posts'] > 6000 and $x['posts'] <= 8000 and $x['rank'] != "1") {
echo "Kage";
} elseif($x['posts'] > 8001 and $x['rank'] != "1") {
echo "Hokage";
} elseif($x['rank'] == "1") {
echo "<span style='font-weight: bold; color: royalblue;'>Administrator</span>";
}
} else {
echo '<span style="color: maroon;">'.$x['custom_rank'].'</span>';
if($x['rank'] == "1") {
echo "<br /><span style='font-weight: bold; color: royalblue;'>Administrator</span>";
}
}
echo "</div>";
echo "<div style='text-align: center;'>";
echo "<strong>Posts:</strong> " . $x['posts'];
echo "</div>";
echo '<td align="left" valign="top" style="background: #242424;"><div style="border-bottom: 1px solid #2e2e2e; background: #323232;"><div style="padding: 2px;">Posted by <strong><a href="profile,'.strtolower($row['poster']).'.html">'.ucwords($row['poster']).'</a></strong> on '.$row['date'].'</div></div><div style="padding: 2px;">'.stripslashes($row['comment']).'</div></td></td>';
echo '</tr>'; // comments,'.$id.','.$pg.','.$row['id'].'.html
if($x['donor'] == 1 or $x['referrals'] >= 25)
{
$xxx = '<em style="font-size: 11px; font-weight: bold; color: #1b9eb2;">Supportive Member!</em>';
}
else
{
$xxx = "";
}
echo '<tr><td colspan="2" align="right" style="background: #323232; padding: 2px;"><div style="float: left;">'.$xxx.'</div>'.ucwords($row['poster']).' is '.$y.' | <a href="#quoteMessage" onClick="mQuoteMessage('.$row['id'].'); return false;">Quote Comment</a> | <a href="message,'.strtolower($row['poster']).'.html">Private Message</a></td></tr>';
echo '</table>';
}
?>
<a name="checkComments"></a>
<script type="text/javascript">
var newComment = 'null';
function makeRequest(url) {
var http_request = false;
if (window.XMLHttpRequest) { // Mozilla, Safari, ...
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
http_request.overrideMimeType('text/xml');
// See note below about this line
}
} else if (window.ActiveXObject) { // IE
try {
http_request = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
http_request = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
}
if (!http_request) {
return false;
}
http_request.onreadystatechange = function() { doContents(http_request); };
http_request.open('GET', url, true);
http_request.send(null);
}
function doContents(http_request) {
if (http_request.readyState == 4) {
if (http_request.status == 200) {
newComment = http_request.responseText;
if (newComment > 0) {
document.getElementById('comCheck').innerHTML = 'There are ' + newComment + ' new comments. Would you like to?<br /><a href="#checkComments" onclick="SetDefault();">cancel</a> <a href="#checkComments" onclick="location.reload();">reload</a>';
} else {
document.getElementById('comCheck').innerHTML = 'No new comments found. <br /><a href="#checkComments" onclick="StartScan();">Try again</a>';
}
}
}
}
function SetDefault() {
document.getElementById('comCheck').innerHTML = '<a href="#checkComments" onclick="StartScan();">Check for new comments</a>';
}
function StartScan() {
document.getElementById('comCheck').innerHTML = 'Checking in progress, please wait...';
<!-- Do The OnLine Scan -->
makeRequest('com_update.php?id=<?=$id?>¤t=<?=$comment_num?>');
}
</script>
<div style="border: 1px solid #2e2e2e; background: #242424; padding: 2px 4px 2px 4px; margin-bottom: 12px; text-align: center;" id="comCheck">
<a href="#checkComments" onclick="StartScan(); StartScan();">Check for new comments</a>
</div>
<?php
if(mysql_num_rows($comment_list) != 0)
{
echo '<div style="border: 1px solid #2e2e2e; background: #242424; padding: 2px 4px 2px 4px; margin-bottom: 12px;">
<div style="float: right; margin-top: 3px;">Current Page: '.$pg.' of '.$cc.'</div>';
echo "<form name=\"pageForm\" method=\"get\" action=\"\" style=\"margin: 0px; padding: 0px;\">Go to page: <select name=\"pg\" onchange=\"document.location=this.value\" style='width: 40px;'>";
for($i = 1; $i <= $cc; $i++)
{
if($i == $pg) {
echo "<option value=\"comments,$id,$i.html\" selected=\"selected\">$i</option>";
} else {
echo "<option value=\"comments,$id,$i.html\">$i</option>";
}
}
echo "</select> of $cc</form>";
echo '</div>';
}
?>
<script type="text/javascript" src="/exec/js/bbcode.js"></script>
<form name="textForm" id="textForm" method="post" action="" style="margin: 0px; padding: 0px;">
<?
if(!isset($_POST['submit']))
{
echo '<legend style="color: #1b9eb2;">Comment</legend>';
echo '<div style="padding-bottom: 4px;"></div>';
echo '<strong>Body Message:</strong><br /><textarea class="ckeditor" name="textArea" id="textArea" style="width: 100%; height: 100px;">';
echo '</textarea>';
echo '<div style="margin-top: 8px;"></div><input type="submit" name="submit" id="submit" value="Post Comment" style="width: 88px;" /> ';
echo '</form>';
}
else
{
$comment = trim($_POST['textArea']);
if(!isset($comment) or empty($comment) or (strlen($comment) < 3) or (strlen($comment) > 3000))
{
echo '<fieldset style="padding: 4px; margin-top: 8px;">';
echo '<legend style="color: #1b9eb2;">Comment</legend>';
echo '<div style="padding-bottom: 4px; color: red;">The length of the entered comment was insufficient.</div>';
echo '<strong>Body Message:</strong><br /><textarea class="ckeditor" name="textArea" id="textArea" style="width: 530px; height: 100px;">';
echo '</textarea>';
echo '</fieldset>';
echo '<div style="margin-top: 8px;"></div><input type="submit" name="submit" id="submit" value="Post Comment" style="width: 88px;" /> <input type="reset" name="reset" id="reset" value="Reset Friends" style="width: 87px;" />';
echo '</form>';
}
else
{
$date = date("l, F jS, Y \a\\t h:i:s A");
$comment = htmlspecialchars($comment);
// ADVANCED BBCODE PREG PATTERNS - DON'T EVEN DARE TO MODIFY :)))
$validUsername = "[a-zA-Z0-9]{3,16}";
$validDate = "[a-zA-Z0-9]+,\s?[a-zA-Z]+\s+\d+[a-zA-Z]+,\s?\d+\s+\d{2}\:\d{2}\:\d{2}\s+[a-zA-Z]{2}";
$validURL = ".*?";
$quoteBBCodePattern = '/\[QUOTE=('.$validUsername.'),\s?('.$validDate.')\](.*?)\[\/QUOTE\]/xs';
$urlBBCodePattern = '/\[URL=('.$validURL.')\](.*?)\[\/URL\]/';
// SIMPLE BBCODE REPLACE
$comment = preg_replace("/\[(B|b|I|i|U|u)\]/", "<$1>", $comment);
$comment = preg_replace("/\[\/(B|b|I|i|U|u)\]/", "</$1>", $comment);
$comment = preg_replace("/\[(CODE|code)\](.*?)\[\/(CODE|code)\]/xs", '<div class="code">\\2</div>', $comment);
$comment = preg_replace("/\[URL\]((http:\/\/)?(.*?))\[\/URL\]/", "<a href=\"http://\\3\">\\1</a>", $comment);
$comment = preg_replace("/\[QUOTE\](.*?)\[\/QUOTE\]/xs", "<div class=\"quote\">$1</div>", $comment);
$comment = preg_replace("/\[SPOILER\](.*?)\[\/SPOILER\]/xs", "<div class=\"spoiler\" onclick=\"this.style.visibility='visible';\"><div>SPOILER</div>$1</div>", $comment);
// ADVANCE BBCODE REPLACE
$comment = preg_replace($quoteBBCodePattern, '<div class=\"quote\">$1 on $2<div class=\"under\">$3</div></div>', $comment);
$comment = preg_replace($urlBBCodePattern, '<a href="$1">$2</a>', $comment);
$comment = nl2br(addslashes($Std->parseEmoticons($comment)));
mysql_query("INSERT INTO comments (news_id, poster, date, comment) VALUES ('$id', '".ucwords($_SESSION['auth']['username'])."', '$date', '$comment')");
mysql_query("UPDATE news SET comments = (comments + 1) WHERE id = '$id'");
mysql_query("UPDATE users SET posts = (posts + 1) WHERE id = '{$_SESSION['auth']['uid']}'");
echo "<script style='text/javascript'>document.location='".$_SERVER['REQUEST_URI']."'</script>";
/* echo '<form name="post_comment" id="post_comment" method="post" action="" style="margin: 0px; padding: 0px;">';
echo '<fieldset style="padding: 4px;">';
echo '<legend style="color: #456194;">Comment</legend>';
echo '<div style="padding-bottom: 4px; color: green;">Your comment has been successfully submitted. <a href="comments,'.$news[0].','.$pages_num.'.html">Click here</a> to display your comment.</div>';
echo '<strong>Body Message:</strong><br /><textarea name="comment_post" id="comment_post" style="width: 495px; height: 100px;">'.stripslashes($comment).'</textarea>';
echo '</fieldset>';
echo '<div style="margin-top: 8px;"></div><input type="submit" name="submit" id="submit" value="Post Comment" style="width: 100px;" /> <input type="reset" name="reset" id="reset" value="Reset Friends" style="width: 88px;" /></div>';
echo '</form>'; */
}
}
// echo "</div>";
//echo "</div></div>";
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
} else {
header("Location: signin.html");
exit();
}
?>
答案 0 :(得分:2)
$comment = htmlspecialchars($comment);
这是你转换所有&lt;和&gt;所以它们作为<
和>