I need help with <input>.
Sometimes, when I ask for a var to be inserted into the value="" part of the <input>, it puts every word in as an attribute.
For example, my markup looks like
<input type="hidden" name="article" this="" is="" the="" article="" text="" />
and the call for the <input> is like this
echo '<input type="hidden" name="article" value="'.$row['article'].'" />';
Here is the actual code
CODE:
echo '<input type="hidden" name="date_added" value="'.$row['date_added'].'" />';
echo '<input type="hidden" name="id" value="'.$row['id'].'" />';
echo '<input type="hidden" name="article" value="'.$row['article'].'" />';
echo '<input type="hidden" name="pub_date" value="'.$row['pub_date'].'" />';
Output:
<input type="hidden" "="" added.="" snow,"="" shoveling="" those="" times,="" four="" years="" two="" real="" worn="" only="" "i've="" balance."="" i'm="" feels,="" actual="" where="" point="" gotten="" i've="" shoes.="" thing,"="" different="" whole="" ground,="" can="" "when="" world."="" senses="" off="" closing="" disconnected.="" time.="" all="" gloves="" wearing="" likens="" feeling."="" addicting="" an="" almost="" it's="" you,="" around="" world="" feeling="" used="" "you="" them,"="" comfortable="" you're="" wear="" choosing="" more="" "it's="" feet.="" your="" feel="" lifestyle"="" "barefoot="" calls="" being="" enjoys="" things="" explained="" experience."="" textures="" many="" "there's="" greatest,"="" "chautauqua="" chautauqua,="" trailhead="" favorite="" group's="" boulder="" aurora="" members="" year-round="" hikes="" day?"="" my="" rest="" what="" well,="" at,="" look="" have="" you="" that,="" explore="" start="" "but="" society,"="" prolific="" because="" thing,="" now="" attention="" people's="" grabbing="" what's="" members,="" 100="" surpassed="" recently="" grown="" has="" their="" it?="" why="" thought,="" hiking,="" enjoyed="" since="" home,="" clients="" works="" she's="" day="" spending="" already="" brushaber="" group.="" join="" first="" who="" practitioner="" movement="" brushaber,="" kriste="" organizing="" partner="" hartman's="" hiking.="" eventually,="" walking="" kept="" marathon,="" run="" change.="" change."="" would="" pain.="" back="" time,="" at="" marathon="" training="" problems.="" other="" few="" splints="" shin="" hartman="" ago,"="" while="" running.="" trying="" after="" started="" group="" meetup="" range="" front="" hartman,="" mary="" thing."="" natural,="" this="" into="" getting="" are="" "people="" he="" (shoes),"="" our="" trail="" appalachian="" guys="" "we="" sashen="" somewhere,"="" some="" top="" them="" me="" showing="" people="" from="" pictures="" testimonials="" get="" walking.="" nearly-barefoot="" 
for="" footwear="" sandals="" vibram-soled="" light="" makes="" which="" shoes,="" invisible="" founder="" sashen,="" steven="" says="" deal,="" big="" becoming="" minimalist="" boom.="" running="" heels="" on="" popularity="" in="" growing="" shoes="" without="" hiking="" say="" barefooters="" local="" most,="" loftier="" bit="" ascent="" barefoot="" baker's="" said.="" could="" knew="" so="" kilimanjaro,="" than="" harder="" lot="" hell="" "longs="" crazy.="" baker="" but="" crazy."="" quite="" is="" climbing="" everyone="" about="" just="" "i="" said,="" barefoot,="" kili="" climb="" try="" crazy="" it="" thought="" would've="" guides="" whether="" asked="" before.="" that="" like="" request="" a="" made="" ever="" had="" one="" no="" though="" even="" sure,="" paschall="" barefoot.="" attempt="" she'd="" sure="" make="" reach,="" within="" adventures="" boulder's="" owner="" paschall,="" robin="" agent,="" travel="" her="" with="" checked="" year,="" last="" peak="" highest="" africa's="" --="" mountain="" 19,336-foot="" trip="" the="" booked="" she="" when="" boulder.="" of="" baker,="" said="" it,"="" welcoming="" really="" not="" were="" and="" it,="" do="" able="" be="" to="" going="" was="" i="" think="" didn't="" they="" value="When Sonnet Baker showed up at the bottom of Mount Kilimanjaro ready to hike up the mountain barefoot, her guides had doubts. " name="article">
All other <input> fields work fine.
Please tell me what I'm doing wrong.
Answer 0: (score: 2)
Always use htmlspecialchars($string, ENT_QUOTES) when putting data into HTML attributes:
echo '<input type="hidden" name="article" value="'.htmlspecialchars($row['article'], ENT_QUOTES).'" />';
Also, google XSS attacks.
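The fix from the answer above, shown next to the question's unescaped output. This is an added example, not part of the original question or answer: the $row contents are constructed sample data, and hidden_input() is a hypothetical helper name.

```php
<?php
// Added example, not code from the original post.
// $row is constructed sample data standing in for the database row.
$row = [
    'id'      => 42,
    'article' => 'Her guides had doubts. "I didn\'t think I was going to be able to do it," she said.',
];

// Unescaped, as in the question: the first " inside the article text closes
// value="...", and the browser parses the remaining words as empty attributes.
$broken = '<input type="hidden" name="article" value="' . $row['article'] . '" />';

// Escaped, as in the answer. hidden_input() is a hypothetical helper.
// ENT_QUOTES converts both " and ', so the text stays inside the attribute
// whichever quote character delimits it. ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string for the whole value.
function hidden_input(string $name, $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        '<input type="hidden" name="%s" value="%s" />',
        htmlspecialchars($name, $flags, 'UTF-8'),
        htmlspecialchars((string) $value, $flags, 'UTF-8')
    );
}

$fixed = hidden_input('article', $row['article']);

echo $broken, "\n\n", $fixed, "\n\n";

// Check 1: count literal double quotes inside each tag. The escaped form
// contains only the three pairs of attribute delimiters.
printf(
    "double quotes in tag: broken=%d fixed=%d\n",
    substr_count($broken, '"'),
    substr_count($fixed, '"')
);

// Check 2: decoding the attribute value, as a browser does when it submits
// the form, gives back the original article text unchanged.
preg_match('/value="([^"]*)"/', $fixed, $m);
var_dump(htmlspecialchars_decode($m[1], ENT_QUOTES) === $row['article']);
```

The same escaping applies to every value echoed into an attribute, including id, date_added and pub_date from the question, since any of them could contain a quote character.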