dqfsbvd43312
2014-03-20 17:15
采纳率: 0%
浏览 54
已采纳

为什么str_replace php函数不能用于替换从数组传递的字符串中的引号,以用于$ _GET

I am trying to sanitize my URL, and the GET variable may contain a quotation mark, single or double.

$teststring = $row['story_title'];
$sanitized_test = str_replace("'", "~", $teststring);
echo $teststring . " versus " . $sanitized_test;

What this prints:

'''' versus ''''

What i expect it to print:

'''' versus ~~~~

When $teststring = "''''"; everything works fine. Why is this happening?

图片转代码服务由CSDN问答提供 功能建议

我正在尝试清理我的网址,而 GET 变量可能包含一个引号 单个或双个。

  $ teststring = $ row ['story_title']; 
 $ sanitized_test = str_replace(“'”,“〜”,$ teststring); \  necho $ teststring。  “ 与 ” 。  $ sanitized_test; 
   
 
 

打印的内容:

 ''''与''''
 <  / code>  
 
 

我期望打印的内容:

 ''''与~~~~ 
    
 
 

$ teststring =“'''''; 时,一切正常。 为什么会这样?

  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongyou6909 2014-03-21 15:07
    已采纳

    The problem was, htmlentities. I had forgotten that for security reasons I was sanitizing the input of the data into a database with html entities, among other functions. When I was testing I just assumed to check what the value of $row['story_title'] was by printing it, and you know what they say about assumptions.

    It came to me after I made a duplicate array with the same process and it worked. Went to check my database and there it was, "&#039;&#039;&#039;&#039;". Oops! Essentially the issue was it wasn't finding any of the single quotes i was trying to match from that string, however when one prints that string it will show quotes.

    Ultimately I changed my code to $sanitized_test = str_replace("&#039;", "~", $row['story_id']); and voila! It works.

    已采纳该答案
    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题