根据数组键名删除post值中的引号

时间:2014-01-26 20:36:22

标签: php arrays post

我希望能够删除“引用”名称或字段上的引文。在帖子上,所有我的字段名称和值匹配并放入一个数组然后进入数据库。在构建SQL之前和构建value-key数组之后,我如何挑出字段引号,删除用户输入的引号,然后在$values数组中添加/保留内容为我的SQL?可疑区域以评论“删除引号”

开头 
public function insertIntoDb($table, $carryUrl = NULL, $ext = '')
{
    if (in_array($table, $this->disallow_insert)) {
        self::show_error("Inserting into the table '{$table}' is not possible, check the configuration file if this is an error.");
    } elseif (!isset($table)) {
        self::show_error('Missing `table` parameter in ' . __FUNCTION__);
    }
    $resultInsert = Nemesis::query("SHOW COLUMNS FROM {$table}");
    if (!$resultInsert) {
        self::show_error(QUERY_ERROR);
    }
    $fieldnames = array();
    if ($resultInsert->num_rows > 0) {
        while ($row = $resultInsert->fetch_array()) {
            $fieldnames[] = $row['Field'];
            $values = array_intersect_key($_POST, array_flip($fieldnames));
            // $values = array_filter($values, function($x) { return $x !== ''; });
            // <5.3 $values = array_filter($values, create_function('$x', 'return $x !== "";'));
        }
    }
    // remove quotes for testimonials
    if (array_key_exists('quote', array_change_key_case($values, CASE_LOWER))) {

        $values['quote'] = preg_replace("/<!--.*?-->/", "", $values); // remove quotes

    }
    // filter the array
    $values = self::filter($values);
    $sql = sprintf("INSERT INTO %s (created, created_by, %s) VALUES (NOW(), '$_SESSION[user_id]', '%s')", $table, implode(', ', array_keys($values)), implode("', '", $values));
    if ($this->debug) {
        echo '<p>' . $sql . '</p>';
    } elseif (Nemesis::query($sql)) {
        $msg = new Messages();
        $msg->add('s', QUERY_INSERT_SUCCESS);
        if ($table == 'projects') {
            $msg = new Messages();
            $msg->add('s', "Information was added to the database. Time to add images!");
        }
        if (!is_null($carryUrl) && isset($carryUrl)) {
            redirect($carryUrl . '?id=' . $_POST['id'] . '&table=' . $table . $ext);
        }
    } else {
        self::show_error(QUERY_ERROR);
    }
}

1 个答案:

答案 0 :(得分:1)

preg_replace是一个返回值的函数,而不是void。您需要将返回的值分配回$values['quote']

// remove quotes for testimonials
if (array_key_exists('quote', array_change_key_case($values, CASE_LOWER))) {

    $values['quote'] = preg_replace("/(\"|')/", "", $values['quote']); // remove quotes

}
相关问题
最新问题