PHP htmlspecialchars and ENT_QUOTES not working?

Notice: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow. Original question: http://stackoverflow.com/questions/4722727/

Time: 2020-08-25 14:09:03  Source: igfitidea

php, htmlspecialchars

Asked by PHPLOVER

Basically on displaying data from MySQL database I have a htmlspecialchars() function below that should convert single and double quotes to their safe entity(s). The problem I'm having is on viewing source code, it is only converting < > & when I also need it to convert single and double quotes.

//sanitize data from db before displaying on webpage
function htmlsan($htmlsanitize){
    return $htmlsanitize = htmlspecialchars($htmlsanitize, ENT_QUOTES, 'UTF-8');
}

Then when I want to use it, for example, I do:

htmlsan($row['comment']);

Can someone tell me why it's not converting single and double quotes?

UPDATE

What's strange is htmlsan() is used on comment in email and when I view source code of email it converts them, it seems that it won't convert the single/double quotes from the database on displaying on webpage. My database collation is also set to utf8_general_ci and I declare I am using utf8 on database connection etc.

Answered by Álvaro González

How are you exactly testing it?

<?php

//sanitize data from db before displaying on webpage
function htmlsan($htmlsanitize){
    return $htmlsanitize = htmlspecialchars($htmlsanitize, ENT_QUOTES, 'UTF-8');
}

var_dump(htmlsan('<>\'"'));

... prints:

string(20) "&lt;&gt;&#039;&quot;"

My guess is that your input string comes from Microsoft Word and contains typographical quotes:

var_dump(htmlsan('“foo”')); // string(9) "“foo”" 

If you do need to convert them for whatever the reason, you need htmlentities() rather than htmlspecialchars():

var_dump(htmlentities('“foo”', ENT_QUOTES, 'UTF-8')); // string(17) "&ldquo;foo&rdquo;"

Update #1

Alright, it's time for some proper testing. Type a single quote (') in your comment database field and run the following code when you retrieve it:

var_dump(bin2hex("'"));
var_dump(htmlspecialchars("'", ENT_QUOTES, 'UTF-8'));
var_dump(bin2hex($row['comment']));
var_dump(htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8'));

It should print this:

string(2) "27"
string(6) "&#039;"
string(2) "27"
string(6) "&#039;"

Please update your question and confirm whether you ran this test and got the same or a different output.

Update #2

Please look carefully at the output you claim to be obtaining:

string(6) "'"

That's not a string with 6 characters. You are not looking at the real output: you are looking at the output as rendered by a browser. I'm pretty sure you are getting the expected result, i.e. string(6) "&#039;". If you render &#039; with a web browser it becomes '. Use the View Source menu in your browser to see the real output.
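
The distinction drawn in the answer above (ASCII quotes versus typographic quotes, and raw output versus browser-rendered output), as an added example that is not part of the original thread; the helper name quote_report and the sample strings are constructed for illustration.

```php
<?php
// Added example, not from the thread. All sample strings are constructed.

// List every quote-like character in $s with its code point and raw bytes,
// so ASCII quotes (escaped by ENT_QUOTES) can be told apart from typographic
// quotes (which htmlspecialchars() never touches).
function quote_report(string $s): array
{
    $names = [
        '"'        => 'U+0022 ASCII double quote',
        "'"        => 'U+0027 ASCII single quote',
        "\u{2018}" => 'U+2018 left single typographic quote',
        "\u{2019}" => 'U+2019 right single typographic quote',
        "\u{201C}" => 'U+201C left double typographic quote',
        "\u{201D}" => 'U+201D right double typographic quote',
    ];
    preg_match_all('/["\'\x{2018}\x{2019}\x{201C}\x{201D}]/u', $s, $m);
    $report = [];
    foreach ($m[0] as $ch) {
        $report[] = $names[$ch] . ', bytes ' . bin2hex($ch);
    }
    return $report;
}

$samples = [
    "it's",         // ASCII apostrophe, byte 27
    "it\u{2019}s",  // typographic apostrophe, bytes e2 80 99
];

foreach ($samples as $raw) {
    $compat = htmlspecialchars($raw, ENT_COMPAT, 'UTF-8'); // ' left as-is
    $quotes = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'); // ' becomes &#039;
    // What a DOM inspector or rendered page shows: entities decoded again.
    $rendered = html_entity_decode($quotes, ENT_QUOTES, 'UTF-8');

    echo implode('; ', quote_report($raw)), PHP_EOL;
    echo '  ENT_COMPAT : ', $compat, PHP_EOL;
    echo '  ENT_QUOTES : ', $quotes, PHP_EOL;
    echo '  rendered   : ', $rendered, PHP_EOL;
    // Only the ENT_QUOTES form is safe inside a single-quoted attribute;
    // with ENT_COMPAT an ASCII ' would end the attribute value early.
    echo "  <input value='", $quotes, "'>", PHP_EOL;
}
```

Run it with the PHP command-line interpreter rather than through a browser, so the entities are printed as written instead of being rendered.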

Answered by PHPLOVER

When you view source code using Firebug, Firebug shows it like the web browser displays it; I thought it would have shown the source code the same as if you went to View Source in Browser Menu Bar. A headache learnt and will be remembered. Thanks everyone for your valuable time and input.

Answered by Carolina

Had the same problem. My database is with utf-8_unicode_ci and my html charset utf-8, and htmlentities only converted everything but quotes. I thought that having same charset in both db and html would work fine, but it didn't. So I changed the charset on the html to iso-8859-1 and it worked. I don't know why, but it worked. My db is still with utf-8_unicode_ci.

Answered by Matt Lowden

Not sure if this will make any difference but have you tried removing the $htmlsanitize?

function htmlsan($htmlsanitize){
    return htmlspecialchars($htmlsanitize, ENT_QUOTES, 'UTF-8');
}

Answered by Dai

Using

htmlentities($htmlsin, ENT_QUOTES, 'UTF-8');

or

mb_convert_encoding($htmlsan, "HTML-ENTITIES", "UTF-8");

Would probably do what you want them to.
