转义 PHP 输出的 HTML 属性的双引号
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1097135/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Escape double quotes of HTML attributes output by PHP
提问by Phil
Often when writing PHP I'll have it output some HTML like this -
通常在编写 PHP 时,我会让它输出一些像这样的 HTML -
echo "<a href="../" title="link title">".$link_text."</a>";
Obviously this won't parse as I need to escape the double quotes in the attributes of the <a>element. Is there a regex that would quickly do this rather than me manually adding the backslashes?
显然这不会解析,因为我需要转义<a>元素属性中的双引号。是否有正则表达式可以快速执行此操作而不是我手动添加反斜杠?
One other thing - the regex shouldn't escape double quotes outside of the tag (e.g. where I've appended the $link_textvariable.
另一件事 - 正则表达式不应该在标签之外转义双引号(例如,我附加了$link_text变量的地方。
Any ideas?
有任何想法吗?
回答by Greg
You should just use single-quotes instead:
您应该只使用单引号:
echo '<a href="../" title="link title">' . $link_text . '</a>';
回答by Maciej ?ebkowski
Solutions I can come up with (not without escaping):
我可以想出的解决方案(并非没有转义):
Single quotes
echo '<a href="../">' . $link_text. '</a>';Use double quotes
echo "<a href='../'>$link_text</a>";Sprintf
echo sprintf('<a href="../">%s</a>', $link_text);Use HEREDOC
echo <<<EOF <a href="../">$link_text</a> EOF;Use template engine like smarty
Exit PHP-mode:
?><a href="../"><?php echo $link_text ?></a><?php // other code...
单引号
echo '<a href="../">' . $link_text. '</a>';使用双引号
echo "<a href='../'>$link_text</a>";冲刺
echo sprintf('<a href="../">%s</a>', $link_text);使用HEREDOC
echo <<<EOF <a href="../">$link_text</a> EOF;使用像smarty这样的模板引擎
退出PHP 模式:
?><a href="../"><?php echo $link_text ?></a><?php // other code...
BTW, be sure to use htmlspecialchars()on $link_textvariable, or you'll have a XSS security hole.
顺便说一句,一定要htmlspecialchars()在$link_text变量上使用,否则你会有一个 XSS 安全漏洞。
回答by Ish
Use (This syntax dont worry about quotes etc)
使用(这种语法不用担心引号等)
echo <<<EOT
<a href="../" title="link title">$link_text</a>
EOT;
回答by Quentin
I'd strongly suggest using templating instead of trying to build strings.
我强烈建议使用模板而不是尝试构建字符串。
In raw PHP:
在原始 PHP 中:
<a href="../" title="link title"><?php echo $link_text; ?></a>
回答by user1600211
I think you can use
我想你可以用
http://www.example.com/.../Learning-Tutorials/ACTIVE-USER-ACCOUNT/verify.php?email='.$email.'&hash='.$hash.'
"<a href="//www.example.com/.../Learning-Tutorials/ACTIVE-USER-ACCOUNT/verify.php?email="$email&hash=$hash>Click Here to Active</a>"
try it.
尝试一下。
