Php 在wordpress数据库中插入单引号和双引号
我正在尝试将一些标题保存到wordpress中的mysql数据库,允许双引号和单引号。因此,我希望能够插入字符串,例如:Php 在wordpress数据库中插入单引号和双引号,php,mysql,regex,wordpress,Php,Mysql,Regex,Wordpress,我正在尝试将一些标题保存到wordpress中的mysql数据库,允许双引号和单引号。因此,我希望能够插入字符串,例如: A man's dog walked into the bar The "main reason" it does not work It's time to announce "The Show" in an hour 我的代码如下所示: $question_id = filter_var($_REQUEST['question_id'],
A man's dog walked into the bar
The "main reason" it does not work
It's time to announce "The Show" in an hour
$question_id = filter_var($_REQUEST['question_id'], FILTER_SANITIZE_NUMBER_INT);
$feedback_correct = preg_replace("/[^a-zA-Z0-9'\"?_\. !&-]+/","",sanitize_text_field($_REQUEST['feedback_correct']));
$feedback_incorrect = preg_replace("/[^a-zA-Z0-9'\"?_\. !&-]+/","",sanitize_text_field($_REQUEST['feedback_incorrect']));
//preg_replace is to strip out any characters we dont want in the title like "<>|}{[]/"
$data = array(
'feedback_correct' => $feedback_correct,
'feedback_incorrect' => $feedback_incorrect
);
$update_feedback = $eot_quiz->updateQuestion($data, $question_id);
A man
The "main reason" it does not work
It
<?php
$quiz_question = $eot_quiz->get_question_by_id($question_id);
?>
<div class="bs">
<div class="panel panel-default">
<form method="POST" action="#">
<div class="panel-heading">
<h3 class="panel-title"><?= $quiz_question['quiz_question']?></h3>
</div>
<div class="panel-body">
<div class="form-group">
<label for="feedback_correct">Feedback for correct answer</label>
<input type="text" class="form-control" name="feedback_correct" placeholder="Correct Feedback" value='<?= $quiz_question['feedback_correct']?>'>
</div>
<div class="form-group">
<label for="feedback_incorrect">Feedback for incorrect answer</label>
<input type="text" class="form-control" name="feedback_incorrect" placeholder="Incorrect Feedback" value='<?= $quiz_question['feedback_incorrect']?>'>
</div>
<input type='hidden' name='question_id' value="<?= $question_id ?>" />
<input type='hidden' name='quiz_id' value="<?= $quiz_id ?>" />
<input type='hidden' name='subscription_id' value="<?= $subscription_id ?>" />
<input type='hidden' name='feedback' value="true" />
<button type="submit" class="btn btn-default">Update Feedback</button>
</div>
<div class="panel-footer"><a href="/dashboard/?part=update_quiz_questions&question_id=<?= $question_id?>&quiz_id=<?= $quiz_id?>&subscription_id=<?= $subscription_id ?>" class="btn btn-success pull-right">Take me back to the Question</a><div style="clear:both"></div></div>
</form>
</div>
</div>
正确答案的反馈
在元素属性中需要某些内容时,可以使用esc\u attr
:
<input type="text" class="form-control" name="feedback_correct" placeholder="Correct Feedback" value='<?php
//Always escape before echoing to an html attribute
esc_attr($quiz_question['feedback_correct']);
?>'>
什么是$wpdb
的基类?找出它的逃逸机制并使用它
或者,使用addslashes()
请不要尝试使用preg\u replace
,您可能无法处理所有需要转义的字符。(不仅仅是撇号和引号。)不,这里没有bobby表格。wpdb
代码使用了正确的绑定参数。我尝试了bobby tables:$result=$wpdb->update(TABLE\u quick\u QUESTION,$data,array('ID'=>$ID),array('%s','%s');同样的结果可以解释preg\u replace()
方法调用的目的。请回答您的问题。@O.Jones
<input type="text" class="form-control" name="feedback_correct" placeholder="Correct Feedback" value='<?php
//Always escape before echoing to an html attribute
esc_attr($quiz_question['feedback_correct']);
?>'>