我试着解决这个问题已经有一段时间了,我花了无数的时间在网上寻找解决方案。所以我想我会去找你们,因为我对这个问题束手无策。基本上我以前设计过一个CMS系统,最近我用PDO等更新到了现代标准,现在我好像有个问题,在MySQL数据库中插入和符号(&),所有的东西都设置为“UTF-8”,PDO连接,MySQL排序,所有的东西,然而,由于某种原因,当文本区域的表单中有一个与号时,数据会被发送,但当它到达与号时会被切断,就好像它正在解析它并切断它一样,因为它认为与号是一个漏洞。
以下是我在PHP中插入的代码:
$fbl = $_POST['fblValue'];
$fbr = $_POST['fbrValue'];
$sbl = $_POST['sblValue'];
$sbr = $_POST['sbrValue'];
$tbl = $_POST['tblValue'];
$tbr = $_POST['tbrValue'];
$fblDisabled = $_POST['fblDisabled'];
$fbrDisabled = $_POST['fbrDisabled'];
$sblDisabled = $_POST['sblDisabled'];
$sbrDisabled = $_POST['sbrDisabled'];
$tblDisabled = $_POST['tblDisabled'];
$tbrDisabled = $_POST['tbrDisabled'];
$footer = $_POST['footerValue'];
$copyright = $_POST['copyrightValue'];
$statement = $conn->prepare("UPDATE pages SET FBL = :fbl,
FBLDisabled = :fblDisabled,
FBR = :fbr,
FBRDisabled = :fbrDisabled,
SBL = :sbl, SBLDisabled = :sblDisabled,
SBR = :sbr, SBRDisabled = :sbrDisabled,
TBL = :tbr, TBLDisabled = :tblDisabled,
TBR = :tbr, TBRDisabled = :tbrDisabled,
Footer = :footer,
Copyright = :copyright
WHERE ID = :pageToEdit");
$statement->bindParam(":fbl", $fbl);
$statement->bindParam(":fblDisabled", $fblDisabled);
$statement->bindParam(":fbr", $fbr);
$statement->bindParam(":fbrDisabled", $fbrDisabled);
$statement->bindParam(":sbl", $sbl);
$statement->bindParam(":sblDisabled", $sblDisabled);
$statement->bindParam(":sbr", $sbr);
$statement->bindParam(":sbrDisabled", $sbrDisabled);
$statement->bindParam(":tbl", $tbl);
$statement->bindParam(":tblDisabled", $tbDisabled);
$statement->bindParam(":tbr", $tbr);
$statement->bindParam(":tbrDisabled", $tbrDisabled);
$statement->bindParam(":footer", $footer);
$statement->bindParam(":copyright", $copyright);
$statement->bindParam(":pageToEdit", $pageToEdit);
$statement->execute();
}
我还可以补充一下,我使用ajax发送数据,是否有可能与此有关?
以下是AJAX代码:
<script type="text/javascript">
function savePage(str1, str2, str3, str4, str5, str6, str7, str8, str9, str10, str11, str12, str13, str14)
{
var xmlhttp;
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.open("post", "putEditedPage.php", true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.send("fblValue=" + str1 + "&fbrValue=" + str2 + "&sblValue=" + str3 + "&sbrValue=" + str4 + "&tblValue=" + str5 + "&tbrValue=" + str6 + "&fblDisabled=" + str7 + "&fbrDisabled=" + str8 + "&sblDisabled=" + str9 + "&sbrDisabled=" + str10 + "&tblDisabled=" + str11 + "&tbrDisabled=" + str12 + "&footerValue=" + str13 + "©rightValue=" + str14);
document.getElementById('blackout').style.display="block";
document.getElementById('Alert').style.display="block";
document.getElementById('Alert').style.marginTop=((window.innerHeight/2)+((window.innerHeight/100) * 35))+"px";
setTimeout(function(){
document.getElementById('blackout').style.display='none';
document.getElementById('Alert').style.display='none';
}, 1250);
}
function insertTab(o, e)
{
var kC = e.keyCode ? e.keyCode : e.charCode ? e.charCode : e.which;
if (kC == 9 && !e.shiftKey && !e.ctrlKey && !e.altKey)
{
var oS = o.scrollTop;
if (o.setSelectionRange)
{
var sS = o.selectionStart;
var sE = o.selectionEnd;
o.value = o.value.substring(0, sS) + "\t" + o.value.substr(sE);
o.setSelectionRange(sS + 1, sS + 1);
o.focus();
}
else if (o.createTextRange)
{
document.selection.createRange().text = "\t";
e.returnValue = false;
}
o.scrollTop = oS;
if (e.preventDefault)
{
e.preventDefault();
}
return false;
}
return true;
}
</script>
提前谢谢各位,干杯。
最佳答案
就在这里:
xmlhttp.send("fblValue=" + str1 + "&fbrValue=" + str2 + "&sblValue=" + str3 + ...
^ ^
看到那些符号了吗?它们是URL编码中的特殊字符。若要提交包含与号本身的值,需要使用URL编码转义该与号。因此,
encodeURIComponent
在将值连接到URL编码的字符串之前。也许我可以让你感兴趣:The Great Escapism (Or: What You Need To Know To Work With Text Within Text)
关于php - 将与号插入MySQL的问题,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/13238985/