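How can I avoid code being inserted into the database (for example: ), while still keeping the CSS applied to the div from the text box? Please see the image below and look at the openletter column; you will see that HTML code is being inserted into this column. There are divs with CSS inserted. I know this sounds silly, but how do I avoid inserting this code into the DB? I have attached my model, view and controller code below.
My model code is (student.php):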
    public function updatestudent($open_id, $from, $to, $openletter, $featured, $title, $archieve, $latest, $sponsor, $image, $category)
    {
        $data = array('open_id'=>$open_id, 'from'=>$from, 'to'=>$to, 'openletter'=>$openletter, 'featured'=>$featured, 'title'=>$title, 'archieve'=>$archieve, 'latest'=>$latest, 'sponsor'=>$sponsor, 'image'=>$image, 'category'=>$category);
        $this->db->where('open_id', $open_id);
        return($this->db->update('country',$data));
    }

My controller code is (home.php):
    public function editstudent($open_id)
    {
        $query['data']=$this->student->showstudentCon($open_id);
        if (isset($_POST['submit']))
        {
            $this->form_validation->set_rules('open_id', 'open_id', 'required');
            $this->form_validation->set_rules('from', 'from', 'required');
            $this->form_validation->set_rules('to', 'to', 'required');
            $this->form_validation->set_rules('openletter', 'openletter', 'required');
            $this->form_validation->set_rules('featured', 'featured', 'required');
            $this->form_validation->set_rules('title', 'title', 'required');
            $this->form_validation->set_rules('archieve', 'archieve', 'required');
            $this->form_validation->set_rules('latest', 'latest', 'required');
            $this->form_validation->set_rules('sponsor', 'sponsor', 'required');
            $this->form_validation->set_rules('image', 'image', 'required');
            $this->form_validation->set_rules('category', 'category', 'required');
            if ($this->form_validation->run() == FALSE)
            {
                $this->load->view('file/header');
                $this->load->view('file/menu');
                $this->load->view('form', $query);
                $this->load->view('file/footer');
            }
            else {
                $open_id=$_POST['open_id'];
                $from=$_POST['from'];
                $to=$_POST['to'];
                $openletter=$_POST['openletter'];
                $featured=$_POST['featured'];
                $title=$_POST['title'];
                $archieve=$_POST['archieve'];
                $latest=$_POST['latest'];
                $sponsor=$_POST['sponsor'];
                $image=$_POST['image'];
                $category=$_POST['category'];
                $result=$this->student->updatestudent($open_id, $from, $to, $openletter, $featured, $title, $archieve, $latest, $sponsor, $image, $category);
                if($result)
                {
                    $this->load->view('file/header');
                    $this->load->view('file/menu');
                    echo "<div class='success'>";
                    echo "Successfully Updated";
                    echo "</div>";
                    $this->load->view('file/footer');
                }
                else {
                    $this->load->view('file/header');
                    $this->load->view('file/menu');
                    echo "<div class='error'>";
                    echo "Somthins Is Missing";
                    echo "</div>";
                    $this->load->view('file/footer');
                }
            }
        }
        else {
            $this->load->view('file/header');
            $this->load->view('file/menu');
            $this->load->view('form', $query);
            $this->load->view('file/footer');
        }
    }
My view code is (demoview.php):
    <script>
    $(document).ready(function() {
        $('#datatable').DataTable();
    } );
    </script>
    <div class="content">
        <h2>Welcome Back, <?php echo $name=$this->session->userdata('username'); ?>!</h2>
        <h2>Open Letters</h2>
        <div class="divider"></div>
        <br/>
    <?php
    echo "<table style='border: 1px solid black' id='datatable' class='display' cellspacing='0' width='100%'>";
    $head="<thead>
        <tr style='border: 1px solid black'>
            <th>From</th>
            <th>To</th>
            <th>Title</th>
            <th>open_id</th>
            <th>archieve</th>
            <th>latest</th>
            <th>sponsor</th>
            <th>Image</th>
            <th>category</th>
        </tr>
    </thead>";
    $foot="<tfoot>
        <tr style='border: 1px solid black'>
            <th>From</th>
            <th>To</th>
            <th>Title</th>
            <th>open_id</th>
            <th>archieve</th>
            <th>latest</th>
            <th>sponsor</th>
            <th>Image</th>
        </tr>
    </tfoot>";
    echo $head;
    echo $foot;
    echo "<tbody>";
    foreach($query as $row)
    {
        echo "<tr style='border: 1px solid black'>";
        echo "<td style='border: 1px solid black'>";
        echo $row->from;
        echo "</td><td style='border: 1px solid black'>";
        echo $row->to;
        echo "</td><td style='border: 1px solid black'>";
        echo $row->title;
        echo "</td><td style='border: 1px solid black'>";
        echo $row->open_id;
        echo "</td><td style='border: 1px solid black'>";
        echo $row->archieve;
        echo "</td><td style='border: 1px solid black'>";
        echo $row->latest;
        echo "</td><td style='border: 1px solid black'>";
        echo $row->sponsor;
        echo "</td><td style='border: 1px solid black'>";
        echo $row->image;
        echo "</td><td style='border: 1px solid black'>";
        echo $row->category;
        echo "</td><td style='border: 1px solid black'>";
        echo "<a href='".base_url('index.php/home/editstudent').'/'.$row->open_id."'>Edit </a><a href='".base_url('index.php/home/deletestudent').'/'.$row->open_id."'>Delete</a>";
        echo "</tr>";
    }
    echo "</tbody>";
    echo "</table>";
    ?>
        <h4><?php echo anchor('home/logout', 'Logout'); ?></h4>
    </div><!--<div class="content">-->
Answer 0 (score: 2)
First, in your model you don't need to return, just update:
    public function updatestudent($open_id, $from, $to, $openletter, $featured, $title, $archieve, $latest, $sponsor, $image, $category)
    {
        $data = array('open_id'=>$open_id, 'from'=>$from, 'to'=>$to, 'openletter'=>$openletter, 'featured'=>$featured, 'title'=>$title, 'archieve'=>$archieve, 'latest'=>$latest, 'sponsor'=>$sponsor, 'image'=>$image, 'category'=>$category);
        $this->db->where('open_id', $open_id);
        $this->db->update('country',$data);
    }
Second, just do $openletter = strip_tags($_POST['openletter']); and the HTML will be gone. See strip_tags.
Answer 1 (score: 1)
strip_tags - Strip HTML and PHP tags from a string
    string strip_tags ( string $str [, string $allowable_tags ] )
So, using strip_tags, your controller will have:
    $openletter=strip_tags($_POST['openletter']);
Answer 2 (score: 0)
You can use strip_tags in your model file:
    public function updatestudent($open_id, $from, $to, $openletter, $featured, $title, $archieve, $latest, $sponsor, $image, $category)
    {
        $openletter = strip_tags($openletter);
        $data = array('open_id'=>$open_id, 'from'=>$from, 'to'=>$to, 'openletter'=>$openletter, 'featured'=>$featured, 'title'=>$title, 'archieve'=>$archieve, 'latest'=>$latest, 'sponsor'=>$sponsor, 'image'=>$image, 'category'=>$category);
        $this->db->where('open_id', $open_id);
        return($this->db->update('country',$data));
    }
It may help you.
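
An added example, not part of the question or of any answer above: it runs the strip_tags call the answers recommend on a constructed input, shows what the optional allowable_tags argument leaves behind, and goes one step beyond the answers by encoding the value with htmlspecialchars when it is printed into a table cell like those in demoview.php. The sample string and the function names are assumptions made for the illustration.

```php
<?php
// Added example; the sample input and the function names are constructed for illustration.
$submitted = '<div style="color:red" onclick="track()">Dear <b>council</b>, please reply.</div>';

// What the answers propose: drop every tag before the value is stored.
function to_plain_text(string $raw): string
{
    return trim(strip_tags($raw));
}

// strip_tags() with an allow-list removes the other tags, but it does not
// touch the attributes of the tags it keeps, so style= and on*= attributes
// on an allowed <div> are stored unchanged.
function keep_some_tags(string $raw): string
{
    return strip_tags($raw, '<div><b>');
}

// Encode at output time, so that whatever is stored is displayed as text
// instead of being interpreted as markup by the browser.
function render_cell(string $stored): string
{
    return "<td style='border: 1px solid black'>"
        . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</td>';
}

$plain   = to_plain_text($submitted);
$allowed = keep_some_tags($submitted);

echo 'plain text stored:   ', $plain, PHP_EOL;
echo 'allow-list stored:   ', $allowed, PHP_EOL;
echo 'attributes survive:  ', var_export(strpos($allowed, 'onclick=') !== false, true), PHP_EOL;
echo 'escaped for display: ', render_cell($submitted), PHP_EOL;
```

If the formatting from the text box has to be kept, strip_tags with an allow-list is not enough on its own, because it does not filter attributes; the stored value still needs encoding or attribute-aware sanitizing before it is rendered.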