down00112 2016-04-28 21:30

PHP input validation not working

I've been at this for hours and can't seem to get anywhere.

I'm using XAMPP for Apache 2.0, PHP 5.5, Chrome and using Netbeans for my editor.

I have an input text box which I want to validate before I use it to search a MYSQL database. I use POST to get the input.

The input I'm using is "x/65!!!"how to

 $searchtext = $_POST['searchbox'];
 echo "<br />" . htmlspecialchars($searchtext);
 echo "<br />htmlentitites: " . $searchtext;
 echo "<br />strip slashes : " . stripslashes($searchtext);
 echo "<br />internal encoding is: " . mb_internal_encoding();

and my result is:

for htmlspecialchars -> "x/65!!!"how to<b>   //why isn't the <b> removed?

for htmlentities     ->    "x/65!!!"how to //shouldn't the forward slash be stripped out?

for stripslashes     ->  "x/65!!!"how to  //shouldn't the '/' be stripped out?

for mb_internal_encoding->  ISO-8859-1 //My php.ini has UTF-8 as the default, I have meta content-type charset="UTF=8" and I thought php 5.5 defaulted to UTF8

I'm copying from the PHP manual but I'm not getting their results. I suspect it's charset related but I'm not sure where to look anymore.

****Comments********

Jeff,

 I changed the spelling of entities and used this string: <b>"'This \!'": /I

This is what I get with htmlspecialchars: "'This !'": /I and yes, everything is bold. All of my output is bold and I do not get any of

       the escape chars showing:  &quot;&quot;&lt;&gt

Funny thing is though when I echo $_POST['searchbox']; It comes up without the but in bold nevertheless.

My mb_internal_encoding() is ISO-8859-1 even though on the beginning of the page I have a meta statement setting it to UTF-8 and for PHP I made the default UTF-8 by removing the semicolon.

I'm beginning to think my PHP interpreter is broken. I'll have to look at XAMPP to see what their recent version is.


  • doudeng1870 2016-04-28 23:17

    I think you might be confusing the differences between what these functions do for the source output as opposed to how the browser renders output of that source. Make sure you are comparing what you see on screen in the browser with what is shown in the browser's source. You can view the html source code in most popular browsers by pressing Ctrl + U or here's a reference for how to do it in a few others.

    for htmlspecialchars -> x/65!!!"how to<b> //why isn't the <b> removed?

    htmlspecialchars doesn't remove anything, it simply converts certain html characters into their html entity encoding format. So it's translated <b> into the html entity &lt;b&gt;, which renders on the page as <b>. If you look at your source code, it's actually <br />&quot;x/65!!!&quot;how to&lt;b&gt;. Otherwise, you wouldn't be able to see the <b> on screen because it would be interpreted by the browser as an opening bold tag making all your following text bold. This is also why it's not visible in your question because you didn't escape it for the markdown.

    for htmlentities -> x/65!!!"how to<b> //shouldn't the forward slash be stripped out?

    a couple problems here:

    • of no real consequence, but I just wanted to point out that you spelled it wrong htmlentitites != htmlentities in your echo statement.

    • you didn't actually use the htmlentities function in your code:

      echo "<br />htmlentitites: " . $searchtext;
      

      in order to actually use it, wrap your variable:

      echo "<br />htmlentitites: " . htmlentities($searchtext);
      
    • coincidentally enough, even if you had used it, it wouldn't have been escaped because regular old forward slash / is not an html character entity, although it does look very similar to the fractional slash ⁄, which would be encoded as &frasl;

    for stripslashes -> x/65!!!"how to<b> //shouldn't the / be stripped out?

    stripslashes only removes backslashes \, and not forward slashes /. I think it should have been called stripbackslashes, but they didn't ask me :)

    for mb_internal_encoding-> ISO-8859-1 //My php.ini has UTF-8 as the default, I have meta content-type charset="UTF=8" and I thought php 5.5 defaulted to UTF8

    I'm not very familiar with this one, but I can tell you that the default is not UTF-8, but is ISO-8859-1. Are you sure that My php.ini has UTF-8 as the default? Because my php.ini has a line that looks like this: ;mbstring.internal_encoding = UTF-8 and you should note the semicolon ; at the beginning means it's commented out. You would have to delete that semicolon, and restart the web server to have it take effect.

    As for your meta statement setting it to UTF-8, I assume you mean you've added an html meta tag that looks something like <meta charset="UTF-8">. This only applies to the html output signaling to browsers what character set to expect, and doesn't have any effect on your internal server settings.
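
An added example (not part of the original answer) that prints what each function actually puts in the HTML source, for two constructed inputs modelled on the strings in the question. The response is sent as text/plain so the browser shows the source instead of rendering it; `encode_for_html` and `compare_functions` are hypothetical helper names.

```php
<?php
// Constructed sample inputs modelled on the strings in the question.
$samples = array(
    '"x/65!!!"how to<b>',
    '<b>"\'This \\!\'": /I',
);

// Explicit flags and charset, so the result does not depend on php.ini
// or on the defaults of the installed PHP version. ENT_QUOTES also
// encodes the single quote, which the older default flags leave alone.
function encode_for_html($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Collect the source-level output of every function discussed above.
function compare_functions($text)
{
    return array(
        'raw'              => $text,
        'htmlspecialchars' => encode_for_html($text),
        'htmlentities'     => htmlentities($text, ENT_QUOTES, 'UTF-8'),
        'stripslashes'     => stripslashes($text),
    );
}

// Set the mbstring encoding at runtime instead of relying on php.ini.
mb_internal_encoding('UTF-8');

// text/plain: the browser displays the bytes as sent, without rendering.
header('Content-Type: text/plain; charset=UTF-8');

foreach ($samples as $sample) {
    foreach (compare_functions($sample) as $name => $out) {
        printf("%-18s %s\n", $name . ':', $out);
    }
    // Decoding the entities returns the original text: encoding
    // changed the representation, it did not remove any character.
    $decoded = html_entity_decode(encode_for_html($sample), ENT_QUOTES, 'UTF-8');
    printf("%-18s %s\n\n", 'round trip equal:', var_export($decoded === $sample, true));
}

echo 'mb_internal_encoding: ', mb_internal_encoding(), "\n";
```

In the output, only the `stripslashes` line differs from the raw text by a missing character (the backslash in the second sample); the forward slash survives every function.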
