dongxie3681 2015-11-05 16:21
浏览 38

PHP安全地构造用户输入的输出

I have a PHP project that allows users to submit an article / tutorial and before I insert the data to my database I do

        $content1 = htmlspecialchars($userscontent);
        $content = htmlentities($content1, ENT_QUOTES);

for safety purposes and when I output the data from my database I decode it. Now I want that text to be structured and not just written on one line and I also want to add the ability to add images to the articles and I have no idea which is the best way to go about this.

Any help is appreciated.

  • 写回答

1条回答 默认 最新

  • drqja5919276 2015-11-05 16:32
    关注

    Could you not just use the decode? 

    $result1 = html_entity_decode($result, ENT_QUOTES);

$result = htmlspecialchars_decode($result1);

    References:

    Html entity decode

    Htmlspecialchars decode

    Although, I would definitely recommend doing what @CD001 says and use the HtmlPurifier library.

    评论

报告相同问题?

悬赏问题

  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么