I've recently thrown together a basic PHP webpage that lists information pulled from an MySQL table and displays it in various sorts. I'm wanting to allow the user to add a new item to the table, edit an item in the list and delete an item in the list without refreshing the page (Ajax).
我最近把一个基本的PHP网页放在一起,列出从MySQL表中提取的信息并以各种方式显示它。我想允许用户向表中添加新项,编辑列表中的项并删除列表中的项而不刷新页面(Ajax)。
This currently goes;
目前这样;
要添加/编辑文章,请单击提示弹出窗口ajax表单的链接,并通过执行以下函数setEdit(comment)填充其内容(如果编辑);
<a class="popup-button" title="<?php echo $row['comment']; ?>" onclick="setEdit('<?php if($row['comment']){ echo $row['comment']; } else { echo "Enter comment here..."; } ?>');"><?php echo $row['listitem']; ?></a>
setEdit()注释如下;
function setEdit(editcomment)
{
if(editcomment){ document.getElementById('help-us-comment').value=editcomment; }
}
然后,在提交ajax表单之后,由以下php代码处理;
if(isset($_POST['comment_text']))
$comment=$_POST['comment_text'];
$sql = "INSERT INTO table SET
comment='$comment'";
Problem: I'm having constant issues trying to get the database contents through 1, 2, 3 without falling over at a new line, single or double quote. I've tried endless combinations of replacing tags, htmlspecialchars and nl2br with no half successes - where it's got to the point that it's so convoluted and encoded/decoded now that I'm assuming that there is a far simpler and obvious way that I'm missing.
问题:我一直在尝试通过1,2,3获取数据库内容,而不会在新行,单引号或双引号中出现问题。我已经尝试了无穷无尽的组合替换标签,htmlspecialchars和nl2br没有一半的成功 - 它已经达到了如此复杂和编码/解码的程度我现在假设我有一个更简单明了的方式我失踪了。
The main problem happens when trying to load the data into the form, typically having either the form fall over and refuse to populate at all (typically by the a link becoming broken by the data extracted i.e. single quote or new line) or the form being populated with special characters instead of plain text to edit.
当尝试将数据加载到表单中时,会发生主要问题,通常表单中的表单会被覆盖并拒绝填充(通常是链接被提取的数据破坏,即单引号或新行)或表单正在填充特殊字符而不是纯文本进行编辑。
I've tried to go into as much detail as possible, but if any more is needed I'm happy to provide. Also apologies if this is an obvious fix/mistake, and I'm being an idiot.
我试图尽可能详细地介绍,但如果需要更多细节,我很乐意提供。如果这是一个明显的修复/错误,我也是道歉,我是个白痴。
1 个解决方案
#1
0
You have two problems here: storing and displaying.
这里有两个问题:存储和显示。
To display you should look in to htmlentities
that makes it safe HTML (it does all the quotes replacing, html encoding, etc. for you) so that your string to be safe to be displayed as plain text, or as inputs' values.
为了显示你应该查看使其成为安全HTML的htmlentities(它为你做所有的引号替换,html编码等),以便你的字符串可以安全地显示为纯文本或输入值。
To store the data, you should sanitize your queries. You could use mysqli
and bind parameters, or use mysql_real_escape_string
to escape your input manually.
要存储数据,您应该清理查询。您可以使用mysqli和绑定参数,或使用mysql_real_escape_string手动转义输入。
Otherwise, say hi to Bobby Tables ;)
否则,请向Bobby Tables打个招呼;)
#1
0
You have two problems here: storing and displaying.
这里有两个问题:存储和显示。
To display you should look in to htmlentities
that makes it safe HTML (it does all the quotes replacing, html encoding, etc. for you) so that your string to be safe to be displayed as plain text, or as inputs' values.
为了显示你应该查看使其成为安全HTML的htmlentities(它为你做所有的引号替换,html编码等),以便你的字符串可以安全地显示为纯文本或输入值。
To store the data, you should sanitize your queries. You could use mysqli
and bind parameters, or use mysql_real_escape_string
to escape your input manually.
要存储数据,您应该清理查询。您可以使用mysqli和绑定参数,或使用mysql_real_escape_string手动转义输入。
Otherwise, say hi to Bobby Tables ;)
否则,请向Bobby Tables打个招呼;)