如何打印包含PHP标签的原始字符串?

For example:

例如:

$str="<script>alert('hello');</script>";

If I use echo to print it out, it will pop up an alert window in the browser.

如果我使用echo输出它，它会在浏览器中弹出一个警告窗口。

How can I print out the raw string <script>alert('hello');</script> in this case?

如何打印原始字符串 ?

3 个解决方案

#1

Depends if you want the words script in. If yes, then

这取决于你是否想要文字脚本。如果是的,那么

You should use this.

你应该使用这个。

echo htmlspecialchars($str);

See http://php.net/manual/en/function.htmlspecialchars.php

参见http://php.net/manual/en/function.htmlspecialchars.php

If not just use strip_tags http://php.net/manual/en/function.strip-tags.php

如果不只是使用strip_tags http://php.net/manual/en/function.strip-tags.php

#2

You can use htmlspecialchars

您可以使用:

$str = htmlspecialchars( "<script>alert('hello');</script>" )

docs: http://php.net/manual/en/function.htmlspecialchars.php

文档:http://php.net/manual/en/function.htmlspecialchars.php

#3

If you want the REAL RAW data shown, use <xmp> tag:

如果你想要显示真实的原始数据，使用

标签:&lt;/p&gt;

$str="<xmp><script>alert('hello');</script></xmp>";

jsFiddle: http://jsfiddle.net/jvpYp/

jsFiddle:http://jsfiddle.net/jvpYp/

caution:

警告:

if you use

如果你使用

$userInput = "</xmp><script>evil javascript</script>";
echo "<xmp>" . $userInput . "</xmp>";

you might run into trouble.

你可能会遇到麻烦。

update: <xmp> tag has been dropped since HTML 4.0 but is still working in most browsers

更新:

标签自HTML 4.0以来已被删除，但仍在大多数浏览器中工作&lt;/p&gt;

#1