我有这个表格有很多部分,其中一些有数组的名称,因为它们应该动态加起来。我首先尝试对它们执行htmlspecialchars,然后在单击提交按钮后,在下一个确认页面上回显它们,但由于某种原因它将无法工作。我在$ clean上做了print_r,但它没有显示它们的输入$值,所以我不知道我做错了什么。
如果有人可以帮助我,那将会很棒。
谢谢。
这是htmlspecialchars代码的一部分。
$clean = array();
if( !empty($_POST) ) {
foreach( $_POST as $key => $value ) {
if( is_array($key)){
foreach($key as $key2 => $value2)
$clean[$key2] = htmlspecialchars( $value2, ENT_QUOTES);
} else {
$clean[$key] = htmlspecialchars( $value, ENT_QUOTES);
}
}
}
这是它的一部分
<div class="seconf-h-form">
<label>Multiple</label>
<input type="radio" id="r2" name="team_select"
onchange="toggleFunc('ex_t_button');" value="Multiple"/>
</div>
<div class="element_wrap" id="box_2">
<input type="submit" name="add" id="add" value="add more">
<label>The name of your team</label>
<input type="text" name="ex_team_n[]" id="ex_team_n"/>
<select name="ex_amount[]">
<option value="">Select</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
</select>
<div id="add_section"></div>
这是我回应它的部分
<div class="element_wrap">
<label>The name of your team</label>
<p><?php echo $clean['ex_team_n']; ?></p>
</div>
<div class="element_wrap">
<label>The number of your team</label>
<p><?php echo $clean['ex_amount']; ?></p>
</div>
<input type="hidden" name="amount" value="<?php if(
$clean['team_select'] === "Multiple"){echo $clean['ex_team_n'];} ?>">
<input type="hidden" name="amount" value="<?php if(
$clean['team_select'] === "Multiple"){echo $clean['ex_amount'];} ?>">
答案 0 :(得分:3)
您可以使用array_walk_recursive()来转义数组中的所有数据:
// Sample data, you can use $_POST instead or any other array
$array = array(
[
'a_key' => '<b>html</b>',
'b_key' => '<a href="http://example.com/">another code</a>',
'c_key' => array('<script>alert(\'Hello\');</script>', 'No code, no change'),
],
[
'd_key' => '<small>ssup</small>',
'e_key' => 'stack',
'f_key' => 'overflow',
],
);
// Function to escape the value, you must pass the item by reference using the & operator
function html_escape(&$item){
$item = htmlspecialchars($item, ENT_QUOTES);
}
// Dump data before escaping
var_dump($array);
// Walk recursively through the array and call our function
array_walk_recursive($array, 'html_escape');
// Dump data after escaping
var_dump($array);
转义之前转储的数据
array (size=2)
0 =>
array (size=3)
'a_key' => string '<b>html</b>' (length=11)
'b_key' => string '<a href="http://example.com/">another code</a>' (length=46)
'c_key' =>
array (size=2)
0 => string '<script>alert('Hello');</script>' (length=32)
1 => string 'No code, no change' (length=18)
1 =>
array (size=3)
'd_key' => string '<small>ssup</small>' (length=19)
'e_key' => string 'stack' (length=5)
'f_key' => string 'overflow' (length=8)
转义后转储的数据
array (size=2)
0 =>
array (size=3)
'a_key' => string '<b>html</b>' (length=23)
'b_key' => string '<a href="http://example.com/">another code</a>' (length=68)
'c_key' =>
array (size=2)
0 => string '<script>alert('Hello');</script>' (length=54)
1 => string 'No code, no change' (length=18)
1 =>
array (size=3)
'd_key' => string '<small>ssup</small>' (length=31)
'e_key' => string 'stack' (length=5)
'f_key' => string 'overflow' (length=8)
array_walk_recursive() 的答案 1 :(得分:0)
你没有迭代正确的对象,也没有创建内部数组。
替换行:
if( is_array($key)){
foreach($key as $key2 => $value2)
$clean[$key2] = htmlspecialchars( $value2, ENT_QUOTES);
与
if( is_array($value)){
foreach($value as $key2 => $value2) {
if (!isset($clean[$key])) $clean[$key] = array();
$clean[$key][$key2] = htmlspecialchars( $value2, ENT_QUOTES);
}
然后它应该正常工作。
答案 2 :(得分:0)
function sanitizeMyArray($array) {
array_walk_recursive($array, 'standard');
return $array;
}
function standard(&$item, $key) {
//You must return this to $item for it to work.
$item = htmlspecialchars($item, ENT_QUOTES);
return $item;
}
$results = sanitizeMyArray($array);
print_r($results)