SonataAdminBundle不会转义输入字段

时间:2013-10-21 20:20:01

标签: php symfony sonata-admin

我正在尝试将一个查询插入输入字段以及html代码,但它会被转义,这是我目前使用的:

class ShopAdmin extends Admin{

    protected $datagridValues = array(
        '_page' => 1,            // display the first page (default = 1)
        '_sort_order' => 'DESC', // reverse order (default = 'ASC')
        '_sort_by' => 'website'  // name of the ordered field
        // (default = the model's id field, if any)

        // the '_sort_by' key can be of the form 'mySubModel.mySubSubModel.myField'.
    );


    // Fields to be shown on create/edit forms
    protected function configureFormFields(FormMapper $formMapper)
    {
        $formMapper
            ->add('name', 'text', array('label' => 'Item name'))
            ->add('description', 'textarea', array(
                'label' => 'Item description',
                'attr'  => array(
                    'class' => 'redactor-init',
                    'style' => 'width: 683px;'
                )
            ))
            ->add('amount', 'text', array('label' => 'Item price'))
            ->add('visible', 'checkbox', array('label' => 'Item visibility'))
            ->add('command', 'text', array('label' => 'Item command'))
            ->add('type', 'text', array('label' => 'Item type (SQL or COMMAND)'))
            ->add('image', 'text', array('label' => 'Item image'))
            ->add('reduction', 'text', array('label' => 'Item reduction'))
            ->add('reduction', 'text', array('label' => 'Item priority'))
            ->add('section', 'entity', array('class' => 'Maxim\CMSBundle\Entity\Section'))
            //->add('server', 'entity', array('class' => 'Maxim\CMSBundle\Entity\Server'))
            ->add('website', 'entity', array('class' => 'Maxim\CMSBundle\Entity\Website'))
        ;
    }

    // Fields to be shown on filter forms
    protected function configureDatagridFilters(DatagridMapper $datagridMapper)
    {
        $datagridMapper
            ->add('name')
            ->add('visible')
            ->add('section')
            //->add('server')
            ->add('website')
        ;
    }

    // Fields to be shown on lists
    protected function configureListFields(ListMapper $listMapper)
    {
        $listMapper
            ->addIdentifier('name')
            ->add('visible', 'boolean', array('editable' => true))
            ->add('section')
            //->add('server')
            ->add('website')
        ;
    }

}

但是我试图让它无法逃脱,我使用的类型textarea,字符串和文本,但它们似乎没有正确工作

我需要将它插入db:

"UPDATE `db_perks` SET life_boost=life_boost+10 WHERE name="{USER}";

但它逃脱了:

"UPDATE `db_perks` SET life_boost=life_boost+10 WHERE name=\"{USER}\";

0 个答案:

没有答案