我有一个表格,其中必须插入以下类型的代码:
<iframe src="https://www.google.com/maps/embed?pb=!1m14!1m8!1m3!1d3035.058400512634!2d-3.6438669999999997!3d40.473973!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0xd422eea55d33c51%3A0x3294408e8e67eff4!2sClinica+Dental+Artidental!5e0!3m2!1ses!2ses!4v1419779677798" width="600" height="450" frameborder="0" style="border:0"></iframe>
我抓住发布的价值如下:
$mapLink = htmlspecialchars($_POST['mapLink'], ENT_QUOTES);
iframe插入如下:
<iframe src=\"https://www.google.com/maps/embed?pb=!1m14!1m8!1m3!1d3035.058400512634!2d-3.6438669999999997!3d40.473973!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0xd422eea55d33c51%3A0x3294408e8e67eff4!2sClinica+Dental+Artidental!5e0!3m2!1ses!2ses!4v1419779677798\" width=\"600\" height=\"450\" frameborder=\"0\" style=\"border:0\"></iframe>
如何使用php获取我的初始链接"<iframe src..."并将其打印出来,因为它是最初编写的?没有反斜杠,&amp; quot等
更新1
以下是我在MYSQL中插入/更新的方法:
$editCentro = $con->prepare("UPDATE centros SET active = :active, nombre = :nombre, zona = :zona, address = :address,
metro = :metro, zip = :zip, phone = :phone, fax = :fax, email = :email, mapLink = :mapLink, descripcion = :descripcion, horarios = :horarios
WHERE id = ".$centroId);
$editCentro->execute(array(':active'=>$active, ':nombre'=> $nombre, ':zona'=>$zona, ':address'=>$address, ':metro'=>$metro,
':zip'=>$zip, ':phone'=>$telefono, ':fax'=>$fax, ':email'=>$email, ':mapLink'=>$mapLink, ':descripcion'=>$descripcion, ':horarios'=>$horarios));
即使没有转义该值,它也会在双引号之前插入反斜杠...
答案 0 :(得分:1)
将字符串分配给$mapLink时,您将转义字符串:
$mapLink = htmlspecialchars($_POST['mapLink'], ENT_QUOTES);
如果要按原样将其插入数据库,只需从post中获取值,不将其转义。 (另外,这不是你用来阻止SQLi的转义)
要防止SQL注入,请使用mysql绑定,如下所示:
$stmt = $mysqli->prepare("INSERT INTO sometable (fieldA, mapField, fieldC) VALUES (?, ?, ?)");
$stmt->bind_param('sss', $someVar, $mapLink, $otherVar);
查看有关参数绑定in the PHP docs here的更多信息。
如果你有魔术引号的问题,你可以像这样剥离它们:
$mapLink = stripslashes($_POST['mapLink']);
答案 1 :(得分:0)
您是否尝试过html_entity_decode?
<?php
$orig = "I'll \"walk\" the <b>dog</b> now";
$a = htmlentities($orig);
$b = html_entity_decode($a);
echo $a; // I'll "walk" the <b>dog</b> now
echo $b; // I'll "walk" the <b>dog</b> now
?>