这个问题在我所有的表格中都出现过。如果在描述中,用户在其中包含与符号,则该页面会显示带有值的 INSERT 语句,但不会继续或发送电子邮件。
例如:
“The quick brown fox jumps over the dog & the cat”是行不通的。
“敏捷的棕色狐狸跳过狗和猫”会起作用。
在其中一页插入语句:
$filename = $_GET['filename'];
$size = $_GET['filesize'];
$date = $_GET['filedate'];
$user = $loggedin_id;
$desc = mysqli_real_escape_string($dbc3, $_GET['desc']);
$type = $_GET['type'];
$ver = $_GET['ver'];
$rev = $_GET['rev'];
$sql = "SELECT lineup FROM cad_files WHERE job_num = $job_id AND file_type = '$type' ORDER BY date DESC LIMIT 1";
$result = mysqli_query($dbc3, $sql);
if(mysqli_num_rows($result) < 1){
$prev_lineup = 0;
} else {
$prev_file = mysqli_fetch_assoc($result);
$prev_lineup = $prev_file['lineup'];
}
//$type = getcadtype($type);
$job_id = getjobid($job_num, $dbc3);
$sql = "INSERT INTO cad_files(job_num, user, file_name, file_type, version, revision, date, size, description) VALUES($job_id, '$user', '$filename', '$type', '$ver', '$rev', '$date', '$size', '$desc')";
// echo $sql;
mysqli_query($dbc3, $sql) or die(mysqli_error($dbc3));
$id = mysqli_insert_id($dbc3);
我该如何解决这个问题?
错误:
Warning: simplexml_load_string(): Entity: line 9: parser error : xmlParseEntityRef: no name in /home/xxxxx/public_html/main/includes/mail2.php on line 15
Warning: simplexml_load_string(): <p>Description:<br /><b>Inserts 3a & 3b modified</b></p> in /home/xxxxx/public_html/main/includes/mail2.php on line 15
Warning: simplexml_load_string(): ^ in /home/xxxxxx/public_html/main/includes/mail2.php on line 15
Catchable fatal error: Argument 1 passed to simpleXMLToArray() must be an instance of SimpleXMLElement, boolean given, called in /home/xxxxxx/public_html/main/includes/mail2.php on line 15 and defined in /home/xxxxxx/public_html/main/includes/functions.php on line 354
最佳答案
因为您是通过查询字符串 (HTTP GET) 发送所有内容,所以您应该在将变量发送到服务器之前对变量进行转义。
使用 javascript escape 函数来编码这样的字符。 您还需要在服务器端对它们进行解码。
关于php - 描述框中为 "&"时提交表单时出现问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23199464/