dongping9475 2015-07-30 23:32
浏览 32
已采纳

回复mysql文本的正确方法是什么,可能包括锚标题中的单引号和/或双引号?

I'm trying to include a string variable as the title to an anchor tag, so when the user hovers over the link, they see the text. The text may or may not include single or double quotes and comes from a mysql table column.

Here is the code: 

echo '<a title="'.$classRow['Description'].'">'.$classRow['LongName'].'</a>';

The above code works correctly if $classRow['Description'] is:

In this class, we'll watch a movie.

But the title is truncated after the word 'movie ' if $classRow['Description'] is:

In this class, we'll watch the movie "Life of Pi."

I tried using addslashes($classRow['Description']) but that just displays the slash; the text is still truncated once it reaches the double quote.

  • 写回答

1条回答 默认 最新

  • dongyu4455 2015-07-30 23:38
    关注

    This should do it,

    $classRow['Description'] = 'In this class, we\'ll watch the movie "Life of Pi."';
echo '<a title="'.htmlspecialchars($classRow['Description'], ENT_QUOTES) .'">' .$classRow['LongName'].'</a>';

    PHP Demo: http://sandbox.onlinephpfunctions.com/code/dadb94a797a74cc7fd8c078ca49d8840ddaeb0b3

    Function page: http://php.net/manual/en/function.htmlspecialchars.php

    Also note the behavior you are experiencing isn't the data being truncated the " in your string is closing the attribute the rest of the string is then being read as attributes.

    Note a malicious user could alter elements in this same way so when outputting user provided input you should use this function as well.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 TLS1.2协议通信解密
  • ¥40 图书信息管理系统程序编写
  • ¥20 Qcustomplot缩小曲线形状问题
  • ¥15 企业资源规划ERP沙盘模拟
  • ¥15 树莓派控制机械臂传输命令报错,显示摄像头不存在
  • ¥15 前端echarts坐标轴问题
  • ¥15 ad5933的I2C
  • ¥15 请问RTX4060的笔记本电脑可以训练yolov5模型吗?
  • ¥15 数学建模求思路及代码
  • ¥50 silvaco GaN HEMT有栅极场板的击穿电压仿真问题