dqfsbvd43312 2014-03-20 17:15 采纳率: 0%
浏览 54
已采纳

为什么str_replace php函数不能用于替换从数组传递的字符串中的引号,以用于$ _GET

I am trying to sanitize my URL, and the GET variable may contain a quotation mark, single or double.

$teststring = $row['story_title'];
$sanitized_test = str_replace("'", "~", $teststring);
echo $teststring . " versus " . $sanitized_test;

What this prints:

'''' versus ''''

What i expect it to print:

'''' versus ~~~~

When $teststring = "''''"; everything works fine. Why is this happening?

  • 写回答

1条回答 默认 最新

  • dongyou6909 2014-03-21 15:07
    关注

    The problem was, htmlentities. I had forgotten that for security reasons I was sanitizing the input of the data into a database with html entities, among other functions. When I was testing I just assumed to check what the value of $row['story_title'] was by printing it, and you know what they say about assumptions.

    It came to me after I made a duplicate array with the same process and it worked. Went to check my database and there it was, "''''". Oops! Essentially the issue was it wasn't finding any of the single quotes i was trying to match from that string, however when one prints that string it will show quotes.

    Ultimately I changed my code to $sanitized_test = str_replace("'", "~", $row['story_id']); and voila! It works.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?