一段时间以来,我一直在努力解决这个问题,我花了无数时间在网上寻找解决方案。所以我想我会来找你们,因为我对这个问题束手无策。基本上我有一个我前一段时间设计的 CMS 系统,我最近使用 PDO 等将它更新为现代标准,现在我似乎在将&符号(&)插入 MySQL 数据库时遇到问题,一切都设置为'UTF- 8',PDO 连接,MySQL 排序规则,一切,但由于某种原因,当文本区域的表单中有一个 & 符号时,数据已发送,但在到达 & 符号时被切断,就好像它正在解析它一样将其切断,因为它认为与号是一个漏洞。
这是我在 PHP 中插入的代码:
$fbl = $_POST['fblValue'];
$fbr = $_POST['fbrValue'];
$sbl = $_POST['sblValue'];
$sbr = $_POST['sbrValue'];
$tbl = $_POST['tblValue'];
$tbr = $_POST['tbrValue'];
$fblDisabled = $_POST['fblDisabled'];
$fbrDisabled = $_POST['fbrDisabled'];
$sblDisabled = $_POST['sblDisabled'];
$sbrDisabled = $_POST['sbrDisabled'];
$tblDisabled = $_POST['tblDisabled'];
$tbrDisabled = $_POST['tbrDisabled'];
$footer = $_POST['footerValue'];
$copyright = $_POST['copyrightValue'];
$statement = $conn->prepare("UPDATE pages SET FBL = :fbl,
FBLDisabled = :fblDisabled,
FBR = :fbr,
FBRDisabled = :fbrDisabled,
SBL = :sbl, SBLDisabled = :sblDisabled,
SBR = :sbr, SBRDisabled = :sbrDisabled,
TBL = :tbr, TBLDisabled = :tblDisabled,
TBR = :tbr, TBRDisabled = :tbrDisabled,
Footer = :footer,
Copyright = :copyright
WHERE ID = :pageToEdit");
$statement->bindParam(":fbl", $fbl);
$statement->bindParam(":fblDisabled", $fblDisabled);
$statement->bindParam(":fbr", $fbr);
$statement->bindParam(":fbrDisabled", $fbrDisabled);
$statement->bindParam(":sbl", $sbl);
$statement->bindParam(":sblDisabled", $sblDisabled);
$statement->bindParam(":sbr", $sbr);
$statement->bindParam(":sbrDisabled", $sbrDisabled);
$statement->bindParam(":tbl", $tbl);
$statement->bindParam(":tblDisabled", $tbDisabled);
$statement->bindParam(":tbr", $tbr);
$statement->bindParam(":tbrDisabled", $tbrDisabled);
$statement->bindParam(":footer", $footer);
$statement->bindParam(":copyright", $copyright);
$statement->bindParam(":pageToEdit", $pageToEdit);
$statement->execute();
}
我还可以补充一点,我使用 ajax 发送数据,是否可能与此有关?
这是 AJAX 代码:
<script type="text/javascript">
function savePage(str1, str2, str3, str4, str5, str6, str7, str8, str9, str10, str11, str12, str13, str14)
{
var xmlhttp;
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.open("post", "putEditedPage.php", true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.send("fblValue=" + str1 + "&fbrValue=" + str2 + "&sblValue=" + str3 + "&sbrValue=" + str4 + "&tblValue=" + str5 + "&tbrValue=" + str6 + "&fblDisabled=" + str7 + "&fbrDisabled=" + str8 + "&sblDisabled=" + str9 + "&sbrDisabled=" + str10 + "&tblDisabled=" + str11 + "&tbrDisabled=" + str12 + "&footerValue=" + str13 + "©rightValue=" + str14);
document.getElementById('blackout').style.display="block";
document.getElementById('Alert').style.display="block";
document.getElementById('Alert').style.marginTop=((window.innerHeight/2)+((window.innerHeight/100) * 35))+"px";
setTimeout(function(){
document.getElementById('blackout').style.display='none';
document.getElementById('Alert').style.display='none';
}, 1250);
}
function insertTab(o, e)
{
var kC = e.keyCode ? e.keyCode : e.charCode ? e.charCode : e.which;
if (kC == 9 && !e.shiftKey && !e.ctrlKey && !e.altKey)
{
var oS = o.scrollTop;
if (o.setSelectionRange)
{
var sS = o.selectionStart;
var sE = o.selectionEnd;
o.value = o.value.substring(0, sS) + "\t" + o.value.substr(sE);
o.setSelectionRange(sS + 1, sS + 1);
o.focus();
}
else if (o.createTextRange)
{
document.selection.createRange().text = "\t";
e.returnValue = false;
}
o.scrollTop = oS;
if (e.preventDefault)
{
e.preventDefault();
}
return false;
}
return true;
}
</script>
在此先感谢大家,干杯。
最佳答案
就在这里:
xmlhttp.send("fblValue=" + str1 + "&fbrValue=" + str2 + "&sblValue=" + str3 + ...
^ ^
看到那些符号了吗?它们是 URL 编码中的特殊字符。要提交包含 & 符号本身的值,您需要使用 URL 编码转义该 & 符号。因此,encodeURIComponent
您的值,然后将它们连接成 URL 编码的字符串。
也许我会让你感兴趣:The Great Escapism (Or: What You Need To Know To Work With Text Within Text)
关于php - 将 & 号插入 MySQL 的问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13238985/