PHP和MySQL的问题?

时间:2010-03-31 04:05:24

标签: php mysql

当我的代码被存储并保存并输出时,我不断在输出文本中获得这些斜杠\\\\\。我怎么能摆脱这些斜线?

这是PHP代码。

if (isset($_POST['submitted'])) { // Handle the form.


require_once '../../htmlpurifier/library/HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();
$config->set('Core.Encoding', 'UTF-8'); // replace with your encoding
$config->set('HTML.Doctype', 'XHTML 1.0 Strict'); // replace with your doctype
$purifier = new HTMLPurifier($config); 


$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysqli_query($mysqli,"SELECT users.*, profile.*
                                 FROM users 
                                 INNER JOIN contact_info ON contact_info.user_id = users.user_id 
                                 WHERE users.user_id=3");

$about_me = mysqli_real_escape_string($mysqli, $purifier->purify($_POST['about_me']));
$interests = mysqli_real_escape_string($mysqli, $purifier->purify($_POST['interests']));



if (mysqli_num_rows($dbc) == 0) {
        $mysqli = mysqli_connect("localhost", "root", "", "sitename");
        $dbc = mysqli_query($mysqli,"INSERT INTO profile (user_id, about_me, interests) 
                                     VALUES ('$user_id', '$about_me', '$interests')");
}



if ($dbc == TRUE) {
        $dbc = mysqli_query($mysqli,"UPDATE profile 
                                     SET about_me = '$about_me', interests = '$interests' 
                                     WHERE user_id = '$user_id'");

        echo '<p class="changes-saved">Your changes have been saved!</p>';
}


if (!$dbc) {
        // There was an error...do something about it here...
        print mysqli_error($mysqli);
        return;
}

}


这是XHTML代码。

<form method="post" action="index.php">
    <fieldset>
        <ul>
            <li><label for="about_me">About Me: </label>
            <textarea rows="8" cols="60" name="about_me" id="about_me"><?php if (isset($_POST['about_me'])) { echo mysqli_real_escape_string($mysqli, $_POST['about_me']); } else if(!empty($about_me)) { echo mysqli_real_escape_string($mysqli, $about_me); } ?></textarea></li>

            <li><label for="my-interests">My Interests: </label>
            <textarea rows="8" cols="60" name="interests" id="interests"><?php if (isset($_POST['interests'])) { echo mysqli_real_escape_string($mysqli, $_POST['interests']); } else if(!empty($interests)) { echo mysqli_real_escape_string($mysqli, $interests); } ?></textarea></li>

            <li><input type="submit" name="submit" value="Save Changes" class="save-button" />
                <input type="hidden" name="submitted" value="true" />
            <input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li>
        </ul>
    </fieldset>

</form>

2 个答案:

答案 0 :(得分:0)

可能是您的php安装启用了Magic Quotes: http://php.net/manual/en/security.magicquotes.php

请参阅:http://www.php.net/manual/en/security.magicquotes.disabling.php了解禁用它们的方法。

答案 1 :(得分:-1)

从MySQL中提取数据时,您需要通过它来运行它以获得干净的输出:

$clean_value = stripslashes($value);
相关问题
最新问题