douruobokui58233
2013-08-27 22:32
浏览 254
已采纳

PHP检测文本字段中的换行符

I'm trying to split up the POST data of a text form field. I want the data split by each line, using the explode() function

So first I check the POST result for strange characters;

$mails = mysql_real_escape_string($_POST["emails"]);

Then I run this, which doesn't work

$emails = explode("
", $mails);

What am I doing wrong? Is it not ? Is my sql escape bit messing me up?

图片转代码服务由CSDN问答提供 功能建议

我正在尝试拆分文本表单字段的POST数据。 我想要按每个数据拆分数据 使用explode()函数

首先我检查POST结果是否有奇怪的字符;

  $ mails = mysql_real_escape_string($  _POST [“电子邮件”]); 
   
 
 

然后我运行它,这不起作用

  $  emails = explode(“
 
”,$ mails); 
   
 
 

我做错了什么? 不是 ? 我的sql转义是否让我搞砸了?

  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

3条回答 默认 最新

  • douzhe9927 2013-08-27 22:36
    已采纳

    You could also convert the new lines to breaks, then explode from the <br />s:

    $mails = mysql_real_escape_string(nl2br($_POST["emails"]));
    $emails = explode("<br />", $mails);
    
    已采纳该答案
    评论
    解决 无用
    打赏 举报
  • doudouwen2763 2013-08-27 22:35

    So first I check the POST result for strange characters;

    $mails = mysql_real_escape_string($_POST["emails"]);
    

    Some news here: No you did not. You just did something without understanding what you did. That is just doing strange not checking something for something strange.

    And then you need to explode on the line-separator character used. Looks like it was not " ", next try is " " and "" as well:

    $emails = preg_split("/\R/u", $_POST["emails"], -1, PREG_SPLIT_NO_EMPTY);
    

    (assuming you've got UTF-8 input)

    评论
    解决 无用
    打赏 举报
  • douyao1994 2013-08-27 22:37

    Try something like this:

    function guessLineEndings( $aString ) {
    
      assert( is_string( $aString ));
    
      if ( FALSE !== strpos( $aString, "
    " )) {
         return 1;
      } else if ( FALSE !== strpos( $aString, "
    " )) {
         return 2;
      } else if ( FALSE !== strpos( $aString, "" )) {
         return 3;
      } else {
         return -1;
      }
    
    }
    

    Note, that you can't guess an line endings, if input is a single line.

    And don't forget this, if you run dynamic SQL-queries:

    Never use escaping using e.g. mysql_real_escape_string()! Always use prepared statements!

    Pleas review OWASP's PHP Security Cheat Sheet to learn about this: Escaping is not safe!

    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题