在wordpress数据库中插入单引号和双引号

时间:2017-10-19 17:28:29

标签: php mysql regex wordpress

我正在尝试将一些标题保存到wordpress中的mysql数据库,允许双引号和单引号。所以我希望能够插入如下字符串:

    A man's dog walked into the bar
    The "main reason" it does not work
    It's time to announce "The Show" in an hour

我的代码如下:

    $question_id = filter_var($_REQUEST['question_id'], FILTER_SANITIZE_NUMBER_INT);
    $feedback_correct = preg_replace("/[^a-zA-Z0-9'\"?_\. !&-]+/","",sanitize_text_field($_REQUEST['feedback_correct']));
    $feedback_incorrect = preg_replace("/[^a-zA-Z0-9'\"?_\. !&-]+/","",sanitize_text_field($_REQUEST['feedback_incorrect']));
    //preg_replace is to strip out any characters we dont want in the title like "<>|}{[]/"
    $data = array(
    'feedback_correct' => $feedback_correct,
    'feedback_incorrect' => $feedback_incorrect
    );

    $update_feedback = $eot_quiz->updateQuestion($data, $question_id);

updateQuestion函数:

        public function updateQuestion($data = array(), $id = 0)
        {
        global $wpdb;
        $result = $wpdb->update(TABLE_QUIZ_QUESTION, $data, array('ID' => $id));
            if ($result === false) 
            {
                return false;
            } 
            else 
            {
                return true;
            }
        }

在访问数据库之后,我的字符串看起来像:

    A man

*字符串在单引号后被切断

    The "main reason" it does not work

*双引号看起来不错

    It

*字符串在单引号后被切断

如何在数据库中正确插入这些字符串?提前致谢。

显示代码:

     <?php
      $quiz_question = $eot_quiz->get_question_by_id($question_id);

      ?>
       <div class="bs">
         <div class="panel panel-default">
            <form method="POST" action="#">
                <div class="panel-heading">
                  <h3 class="panel-title"><?= $quiz_question['quiz_question']?></h3>
                </div>
                <div class="panel-body">

                <div class="form-group">
                  <label for="feedback_correct">Feedback for correct answer</label>
                  <input type="text" class="form-control" name="feedback_correct" placeholder="Correct Feedback" value='<?= $quiz_question['feedback_correct']?>'>
                </div>
                <div class="form-group">
                  <label for="feedback_incorrect">Feedback for incorrect answer</label>
                  <input type="text" class="form-control" name="feedback_incorrect" placeholder="Incorrect Feedback" value='<?= $quiz_question['feedback_incorrect']?>'>
                </div>
                <input type='hidden' name='question_id' value="<?= $question_id ?>" />
                <input type='hidden' name='quiz_id' value="<?= $quiz_id ?>" />
                <input type='hidden' name='subscription_id' value="<?= $subscription_id ?>" />
                <input type='hidden' name='feedback' value="true" />
                <button type="submit" class="btn btn-default">Update Feedback</button>

        </div>
        <div class="panel-footer"><a href="/dashboard/?part=update_quiz_questions&question_id=<?= $question_id?>&quiz_id=<?= $quiz_id?>&subscription_id=<?= $subscription_id ?>" class="btn btn-success pull-right">Take me back to the Question</a><div style="clear:both"></div></div>
         </form>
       </div>
    </div>

2 个答案:

答案 0 :(得分:1)

在元素属性中任何时候使用esc_attr

<input type="text" class="form-control" name="feedback_correct" placeholder="Correct Feedback" value='<?php
//Always escape before echoing to an html attribute
esc_attr($quiz_question['feedback_correct']);
?>'>

答案 1 :(得分:0)

$wpdb的基类是什么?找出它的逃逸机制并使用它

或者,使用addslashes()

请不要尝试使用preg_replace,否则您可能无法处理所有需要转义的字符。 (这不仅仅是撇号和引用。)