
' " turns out as \' and \"

So I have a field you can type in. After you type, you press OK, and it sends an Ajax call to save.php, which inserts into the database (with PHP) and then outputs what you have typed. The Ajax call then grabs the output on success and alerts it (success: function(msg){ alert(msg) }). The response is in HTML.

Works well until I use ' or " in the field. For example, if I write: 'asdadsasd" it turns out: \'asdadsasd\" How can I fix this?

Don't know if it matters, but in save.php I have:

header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header('Content-type: text/html; charset=utf-8');

And it outputs the message like this:

echo htmlspecialchars(strip_tags($message), ENT_QUOTES, 'utf-8'); 


This is most likely due to PHP's exceptionally helpful irritating "magic quotes" feature. Magic quotes automatically inserts slashes before single and double quotes in incoming data provided by the user agent (i.e. in $_GET, $_POST, and $_COOKIE, or "GPC") in a vague attempt at providing some security for those who don't realize the hazards of unescaped user input.

As a matter of course, you should always check for magic quotes using get_magic_quotes_gpc before you attempt to use any GPC data. If it's enabled, simply call stripslashes on your input before using it.

I use something similar to this at the beginning of any script I write:

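// Recursively remove the backslashes that magic quotes added,
// descending into nested arrays such as $_POST['field'][]
function cleanInput($input)
{
    if (is_array($input))
    {
        foreach ($input as &$value)
        {
            $value = cleanInput($value);
        }

        return $input;
    }
    else
    {
        return stripslashes($input);
    }
}

// Only strip when magic quotes is enabled, otherwise genuine
// backslashes typed by the user would be lost
if (get_magic_quotes_gpc())
{
    $_GET = cleanInput($_GET);
    $_POST = cleanInput($_POST);
    $_COOKIE = cleanInput($_COOKIE);
    $_REQUEST = cleanInput($_REQUEST);
}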
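
The whole save.php path from the question, as an added example that is not code from any of the posts: undo magic-quotes escaping only when it was applied, store the raw value through a bound parameter, and escape once at output. It assumes the pdo_sqlite extension; normalizeInput(), the messages table and the sample input are hypothetical, and addslashes() stands in for what magic quotes does to incoming data.

```php
<?php
// Added example. Assumes pdo_sqlite; helper and table names are hypothetical.

// Strip magic-quotes backslashes recursively, but only when they were added.
function normalizeInput($value, $magicQuotesOn)
{
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = normalizeInput($item, $magicQuotesOn);
        }
        return $out;
    }
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// get_magic_quotes_gpc() was removed in PHP 8.0, so guard the call.
// On a runtime without the feature this is simply false.
$runtimeMagicQuotes = function_exists('get_magic_quotes_gpc')
    && @get_magic_quotes_gpc();

// Constructed input: what the user typed, and what a magic-quotes
// runtime would have placed in $_POST (simulated with addslashes()).
$typed    = "'asdadsasd\"";
$received = array('message' => addslashes($typed));

// Here the simulated request is known to be escaped, so pass true;
// in save.php you would pass $runtimeMagicQuotes and $_POST instead.
$post = normalizeInput($received, true);

// Store the raw value with a bound parameter. The database layer
// handles quoting, so no slashes end up in the stored text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)');
$stmt = $db->prepare('INSERT INTO messages (body) VALUES (:body)');
$stmt->execute(array(':body' => $post['message']));

// Read back and escape exactly once, at output time, for the HTML context.
$stored = $db->query('SELECT body FROM messages')->fetchColumn();
if ($stored !== $typed) {
    throw new RuntimeException('stored value differs from typed value');
}
echo htmlspecialchars(strip_tags($stored), ENT_QUOTES, 'UTF-8'), "\n";
```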


It's because of the ENT_QUOTES option; I'll let you check: http://php.net/manual/en/function.htmlentities.php

EDIT: I forgot about the slashes; do you have magic_quotes activated?


Try calling stripslashes on it. I think it adds slashes when it's posted/sent via ajax.


Use stripslashes.
