mysql_real_escape_string(htmlspecialchars()) function does not work when editing values

Time: 2014-03-06 07:36:00

Tags: php mysql

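I use Italian as the main language on my website, so when I edit details, some language characters are automatically converted to special characters. Does anyone know how to fix this?

This is the code I use to edit the database values and convert special characters: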

$title7      = mysql_real_escape_string(htmlspecialchars($_POST['title7']));
$description7    = mysql_real_escape_string(htmlspecialchars($_POST['description7']));

Below is the full code I use to edit the database values:

// connect to the database
include('db.php');

if (isset($_POST['submit']))
{
    // confirm that the 'id' value is a valid integer before getting the form data
    if (is_numeric($_POST['id']))
    {
        // get form data, making sure it is valid
        // is_numeric() also accepts floats and exponent notation, so cast to int
        $id = (int) $_POST['id'];
        $language       = mysql_real_escape_string($_POST['txtLanguage']);
        $pkg_name       = mysql_real_escape_string($_POST['pkg_name']);
        $category       = mysql_real_escape_string($_POST['category']);
        $title          = mysql_real_escape_string($_POST['title']);
        $description1   = mysql_real_escape_string($_POST['description1']);
        $title2         = mysql_real_escape_string($_POST['title2']);
        $description2   = mysql_real_escape_string($_POST['description2']);

        if ($pkg_name == '' || $category == '')
        {
            // generate error message
            $error = 'ERROR: Please fill in Package name field!';

            // error, display form
            renderForm($id,$language,$pkg_name,$category,$title,$description1,$title2,$description2);
        }
        else
        {
            // save the data to the database
            // (no comma after the last SET assignment, otherwise the query is a syntax error)
            mysql_query("UPDATE saved_packages SET
                language       ='$language',
                pkg_name       ='$pkg_name',
                category       ='$category',
                title          ='$title',
                description1   ='$description1',
                title2         ='$title2',
                description2   ='$description2'
                WHERE id='$id'");

            // once saved, redirect back to the view page and stop executing
            header("Location: adm_view_package.php");
            exit;
        }
    }
    else
    {
        // if the 'id' isn't valid, display an error
        echo 'Error!';
    }
}

Here is the result: [screenshot]

1 answer:

Answer 0: (score: 2)

Do not use htmlspecialchars when saving data to the database.

You should do it like this:

$title7      = mysql_real_escape_string($_POST['title7']);
$description7    = mysql_real_escape_string($_POST['description7']);

When rendering data from the database, use this:

echo htmlspecialchars($title7);
echo htmlspecialchars($description7);
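
The rule in the answer above (store the raw value, encode only when rendering), as an added example that is not part of the original answer. It uses PDO prepared statements with an in-memory SQLite database in place of the mysql_* calls; the helper names h, saveTitle, loadTitle and editCycle and the sample title are assumptions, and only the saved_packages table name comes from the question. It shows that encoding on save compounds with every edit, while encoding on output leaves the stored text intact.

```php
<?php
// Added example: constructed data, in-memory SQLite standing in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE saved_packages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO saved_packages (id, title) VALUES (1, '')");

// Output-time encoding for HTML text and attribute values (hypothetical helper).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Save with bound parameters; $encodeOnSave reproduces the question's approach.
function saveTitle(PDO $db, int $id, string $posted, bool $encodeOnSave): void
{
    $value = $encodeOnSave ? h($posted) : $posted;
    $stmt = $db->prepare('UPDATE saved_packages SET title = :title WHERE id = :id');
    $stmt->execute([':title' => $value, ':id' => $id]);
}

function loadTitle(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT title FROM saved_packages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// One edit cycle: the form shows the stored value, the browser decodes the
// attribute once, and the user submits it back unchanged.
function editCycle(PDO $db, int $id, bool $encodeOnSave): void
{
    $fieldHtml = h(loadTitle($db, $id));                       // value="..." in the edit form
    $posted = htmlspecialchars_decode($fieldHtml, ENT_QUOTES); // what the browser sends back
    saveTitle($db, $id, $posted, $encodeOnSave);
}

$input = "Città & mare: l'offerta \"più\" <b>bella</b>"; // constructed Italian sample

foreach ([true, false] as $encodeOnSave) {
    saveTitle($db, 1, $input, $encodeOnSave);
    editCycle($db, 1, $encodeOnSave);
    editCycle($db, 1, $encodeOnSave);
    $label = $encodeOnSave ? 'encode on save' : 'encode on output';
    printf("%-16s stored: %s\n", $label, loadTitle($db, 1));
    printf("%-16s page:   %s\n", '', h(loadTitle($db, 1)));
}
```

With encoding on save, each edit adds another layer of entities to the stored title (&amp; becomes &amp;amp; and so on); with encoding on output the stored title stays byte-for-byte what was typed, and the bound parameters make SQL escaping unnecessary.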