我最後的賭注是,你正在使用預處理語句和輸入之前還逃不出你的價值,像
// newlines will be replaced with '\n' here
$value = mysql_escape_string($_POST["value"]);
$stmt = $dbh->prepare("INSERT INTO myTable (value) VALUES (?)");
// mysql will insert the contents of $value literally.
// so instead of a newline, you will have '\n' (two characters) in your database
$stmt->bindParam(1, $value);
// if you did this statement, everything would be fine. mysql would see your '\n'
// and replace it back to a newline.
mysql_query("INSERT INTO myTable (value) VALUES ('$value')");
如果情況就是這樣,你不必逃避你的價值觀。 bindParam
會爲你做這個。以下是可以安全地將用戶輸入傳送到數據庫的兩種方式的一些示例。
// not escaped
$value = $_POST["value"];
// escape characters that have special meaning for mysql
$value2 = mysql_escape_string($_POST["value2"]);
// $value2 gets inserted into the query-string. we needed to
// escape it's contents to not mix it up with actual SQL code.
$stmt = $dbh->prepare("INSERT INTO myTable (value, value2) VALUES (?, '$value2')");
// $value gets inserted using bindParam. everything is fine here.
$stmt->bindParam(1, $value);
嘗試在回顯內容之前用'str_replace()'去掉'\ r'。 EX:'str_replace(「\ r \ n」,「\ n」);' – SIFE 2012-03-12 19:13:36
我現在很困惑。你只是想刪除所有'\ r',或者你真的有2個符號\和n,而不是在文本區域換行嗎? – Basti 2012-03-12 19:22:16
我希望\ n或\ r \ n(窗口對應物)呈現爲新行而不是簡單的「\ r \ n \」文本。 – Mayhem93 2012-03-12 19:24:27