Php 使用HTML实体
我正在MySQL表列中存储HTML代码。为了插入记录,我将查询框设置为:Php 使用HTML实体,php,html,Php,Html,我正在MySQL表列中存储HTML代码。为了插入记录,我将查询框设置为: $InsertQuery = "INSERT INTO listing (ldate, places, company, designation, projectdetails, desiredcandidate, hrname, hrcontact, email) VALUES (DATE_FORMAT('" .$ldate ."','%Y/%m/%d'),'" .$places. "','" .$company. "'
$InsertQuery = "INSERT INTO listing (ldate, places, company, designation, projectdetails, desiredcandidate, hrname, hrcontact, email) VALUES (DATE_FORMAT('" .$ldate ."','%Y/%m/%d'),'" .$places. "','" .$company. "','" .$designation. "','" .htmlentities($projectdetails). "','" .htmlentities($desiredcandidate). "','" .$hrname. "','" .$hrcontact. "','" .$email. "')";
print html_entity_decode('your text here');
$FetchResultsQuery = "SELECT * FROM listing WHERE recordid=" . $SelectedRowID;
$result = mysql_query($FetchResultsQuery);
$row = mysql_fetch_row($result);
if ($row)
{
$PostedDate = date($row[0],'d.m.Y');
$Places = $row[1];
$Company = $row[2];
$Designation = $row[3];
$ProjectDetails = $row[4];
$DesiredCandidate = $row[5];
$HRName = $row[6];
$HRContact = $row[7];
$Email = $row[8];
}
<td valign="top" style="padding-left:10px; text-align:justify;"><h4> </h4>
<p><strong>Company Name: </strong> <strong><?PHP echo $Company; ?></strong></p>
<p> </p>
<p><strong>Location: </strong> <?PHP echo $Places; ?> </p>
<p> </p>
<p><strong>Posted Date: </strong><span class="style19"> <?PHP echo $PostedDate; ?></span></p>
<p> </p>
<p><strong>Designation:</strong><?PHP echo $Designation; ?></p>
<p> </p>
<p><strong>Project Details :</strong></p><br>
<?PHP echo $ProjectDetails; ?>
<p> </p>
<p><strong>HR Name: </strong> <?PHP echo $HRName; ?> </p>
<p> </p>
<p><strong> HR's Contact details: </strong><?PHP echo $HRContact; ?></p>
<p> </p>
<p><strong>Email: </strong><?PHP echo $Email; ?></p>
<p><span class="style18"><strong><br />
<br />
</strong></span></p></td>
<td></td>
$FetchResultsQuery=“从recordid=”的列表中选择*$选择单株;
$result=mysql\u查询($FetchResultsQuery);
$row=mysql\u fetch\u row($result);
如果($行)
{
$PostedDate=日期($row[0],'d.m.Y');
$Places=$row[1];
$Company=$row[2];
$Designation=$row[3];
$ProjectDetails=$row[4];
$DesiredCandidate=$row[5];
$HRName=$row[6];
$HRContact=$row[7];
$Email=$row[8];
}
公司名称:
位置:
发布日期:
名称:
项目详细信息:
人力资源名称:
人力资源部的联系方式:
电子邮件:
$InsertQuery = "INSERT INTO listing (ldate, places, company, designation, projectdetails, desiredcandidate, hrname, hrcontact, email) VALUES (DATE_FORMAT('" .$ldate ."','%Y/%m/%d'),'" .$places. "','" .$company. "','" .$designation. "','" .htmlentities($projectdetails). "','" .htmlentities($desiredcandidate). "','" .$hrname. "','" .$hrcontact. "','" .$email. "')";
print html_entity_decode('your text here');
$InsertQuery = "INSERT INTO listing (ldate, places, company, designation, projectdetails, desiredcandidate, hrname, hrcontact, email) VALUES (DATE_FORMAT('" .$ldate ."','%Y/%m/%d'),'" .$places. "','" .$company. "','" .$designation. "','" .htmlentities($projectdetails). "','" .htmlentities($desiredcandidate). "','" .$hrname. "','" .$hrcontact. "','" .$email. "')";
print html_entity_decode('your text here');
问题是,该函数将所有尖括号转换为它们的HTML实体等价物。因此,问题不是输出“,而是函数将所有尖括号转换为它们的HTML实体等价物。因此,将HTML放入数据库而不是输出“+1”几乎总是完全错误的,当然也不是一种安全措施。保持文本原始并将其编码为进入页面的最后一步,如
公司:公司: