draj30958 2016-03-03 15:42
浏览 24
已采纳

sql调用用这个字符做奇怪的事情:“[关闭]

I have a form that auto calls information for products, it uses autocomplete to pull the product description when someone puts in the product name. When the form calls the data, sample data may look like this :

Samsung 40" HDTV Television

After the form is saved, and reloaded, the data loaded looks like this :

Samsung 40

Is there a way to mass edit my product descriptions to replace " with inch, or to make this not happen

Using SQL

Code sample of insert :

foreach (blabla)
$productName = mysqli_real_escape_string( $this->_con, trim( $invoice_detail['productName'] ) );
$query = "INSERT INTO invoice (`productName`) VALUES ('$productName')
mysqli_query($this->_con, $query);

Code sample of retrieve :

<td><input value="<?php echo isset($item['productName']) ? $item['productName']: ''; ?>" type="text" data-type="productName" name="data[InvoiceDetail][<?php echo $key;?>][productName]" id="itemName_<?php echo $key+1?>"></td>
  • 写回答

1条回答 默认 最新

  • doufang2023 2016-03-03 16:10
    关注

    you're not escaping html special symbols, your code:

    echo isset($item['productName']) ? $item['productName']: '';

    should look like this:

    echo isset($item['productName']) ? htmlspecialchars($item['productName']) : '';
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 TLS1.2协议通信解密
  • ¥40 图书信息管理系统程序编写
  • ¥20 Qcustomplot缩小曲线形状问题
  • ¥15 企业资源规划ERP沙盘模拟
  • ¥15 树莓派控制机械臂传输命令报错,显示摄像头不存在
  • ¥15 前端echarts坐标轴问题
  • ¥15 ad5933的I2C
  • ¥15 请问RTX4060的笔记本电脑可以训练yolov5模型吗?
  • ¥15 数学建模求思路及代码
  • ¥50 silvaco GaN HEMT有栅极场板的击穿电压仿真问题