EDIT: I solved it seconds after posting the question (sorry!) but can't accept an answer yet.
编辑:我在发布问题后几秒钟解决了(抱歉!)但是还不能接受答案。
Hi folks,
嗨伙计,
Just a quick one. I have a PHP/CodeIgniter site and the user can edit their profile. I'm using CI's XSS Filtering and Active Record-based Models, so the data is escaped automatically.
只是一个快速的。我有一个PHP / CodeIgniter站点,用户可以编辑他们的个人资料。我正在使用CI的XSS过滤和基于活动记录的模型,因此数据会自动转义。
It naturally displays fine on the profile page view, text such as "We'll see if this works" (the apostrophe in the we'll). However when the user goes to the Edit page, the input box (filled with the data in the DB) displays:
它在配置文件页面视图中自然显示正常,文本如“我们将看看它是否有效”(我们将撇号)。但是,当用户转到“编辑”页面时,输入框(填充数据库中的数据)显示:
We'll see if this works
I thought I could get around it by setting the value of the input box to html_entity_decode($query->row('example_database_row')) but it still doesn't work. Am I misunderstanding something here?
我以为我可以通过将输入框的值设置为html_entity_decode($ query-> row('example_database_row'))来绕过它,但它仍然不起作用。我在这里误解了什么吗?
Thanks!
谢谢!
Jack
插口
1 个解决方案
#1
16
You can use html_entity_decode($query->row('example_database_row'), ENT_QUOTES).
您可以使用html_entity_decode($ query-> row('example_database_row'),ENT_QUOTES)。
However, I would advise against HTML encoding before you insert it into the database. Just encode it when you output it. It's better just storing the raw data in the database.
但是,在将其插入数据库之前,我建议不要使用HTML编码。只需在输出时对其进行编码。最好只将原始数据存储在数据库中。
#1
16
You can use html_entity_decode($query->row('example_database_row'), ENT_QUOTES).
您可以使用html_entity_decode($ query-> row('example_database_row'),ENT_QUOTES)。
However, I would advise against HTML encoding before you insert it into the database. Just encode it when you output it. It's better just storing the raw data in the database.
但是,在将其插入数据库之前,我建议不要使用HTML编码。只需在输出时对其进行编码。最好只将原始数据存储在数据库中。