无法从输入值中读取转义字符

时间:2014-04-02 15:05:30

标签: php post escaping

所以现在我的输入表格看起来像这样

<form method = "post" action = "Display_Department_Info.php">
            Select Department :
            <select name = "dept">
            <option value="" selected >-- Select One--</option>
            <?php
            $conn = mysqli_connect('localhost', 'root', 'root', 'DM Phase 2');
            if(!$conn) {
                echo "Failed to connect to MySQL: ".mysqli_connect_error();
            }
            $result = mysqli_query($conn, 'select name from department');
            while($row = mysqli_fetch_array($result)) {
                $val = $row['name'];
                echo "<option value ='".$val."'>".$val."</option>";
            }
            mysqli_close($conn);
        ?>
            </select>   
            <input type = "submit" value = "Submit" />

        </form> 

但是当我使用以下命令来读取特定输入的$_POST[dept]时 “儿童宜家”,它只展示“儿童”

这是我的阅读代码。

$departmentinput = mysql_real_escape_string("$_POST[dept]");

请帮忙!谢谢:3

1 个答案:

答案 0 :(得分:1)

'正在打破它,因为您使用'来引用该值:

$val = htmlspecialchars($row['name'], ENT_QUOTES);

//or

$val = htmlentities($row['name'], ENT_QUOTES);