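I have a bunch of sections in my form, and some of them have names that are arrays because they are supposed to be added dynamically. I am trying to run htmlspecialchars on them first and then, once the submit button is clicked, echo them on the next confirmation page, but for some reason it won't work. I did print_r on $clean, but it didn't show their input $value, so I don't know where I did something wrong.
If someone could help me, that would be great.
Thank you.
Here is part of the htmlspecialchars code.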
$clean = array();
if( !empty($_POST) ) {
    foreach( $_POST as $key => $value ) {
        if( is_array($key)){
            foreach($key as $key2 => $value2)
                $clean[$key2] = htmlspecialchars( $value2, ENT_QUOTES);
        } else {
            $clean[$key] = htmlspecialchars( $value, ENT_QUOTES);
        }
    }
}
Here is the HTML part of it.
<div class="seconf-h-form">
<label>Multiple</label>
<input type="radio" id="r2" name="team_select"
onchange="toggleFunc('ex_t_button');" value="Multiple"/>
</div>
<div class="element_wrap" id="box_2">
<input type="submit" name="add" id="add" value="add more">
<label>The name of your team</label>
<input type="text" name="ex_team_n[]" id="ex_team_n"/>
<select name="ex_amount[]">
<option value="">Select</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
</select>
<div id="add_section"></div>
Here is the part where I echo them.
<div class="element_wrap">
<label>The name of your team</label>
<p><?php echo $clean['ex_team_n']; ?></p>
</div>
<div class="element_wrap">
<label>The number of your team</label>
<p><?php echo $clean['ex_amount']; ?></p>
</div>
<input type="hidden" name="amount" value="<?php if(
$clean['team_select'] === "Multiple"){echo $clean['ex_team_n'];} ?>">
<input type="hidden" name="amount" value="<?php if(
$clean['team_select'] === "Multiple"){echo $clean['ex_amount'];} ?>">
You can use array_walk_recursive() to escape all the data inside an array:
// Sample data, you can use $_POST instead or any other array
$array = array(
    [
        'a_key' => '<b>html</b>',
        'b_key' => '<a href="http://example.com/">another code</a>',
        'c_key' => array('<script>alert(\'Hello\');</script>', 'No code, no change'),
    ],
    [
        'd_key' => '<small>ssup</small>',
        'e_key' => 'stack',
        'f_key' => 'overflow',
    ],
);
// Function to escape the value, you must pass the item by reference using the & operator
function html_escape(&$item){
    $item = htmlspecialchars($item, ENT_QUOTES);
}
// Dump data before escaping
var_dump($array);
// Walk recursively through the array and call our function
array_walk_recursive($array, 'html_escape');
// Dump data after escaping
var_dump($array);
The dumped data before escaping:
array (size=2)
  0 =>
    array (size=3)
      'a_key' => string '<b>html</b>' (length=11)
      'b_key' => string '<a href="http://example.com/">another code</a>' (length=46)
      'c_key' =>
        array (size=2)
          0 => string '<script>alert('Hello');</script>' (length=32)
          1 => string 'No code, no change' (length=18)
  1 =>
    array (size=3)
      'd_key' => string '<small>ssup</small>' (length=19)
      'e_key' => string 'stack' (length=5)
      'f_key' => string 'overflow' (length=8)
The dumped data after escaping:
array (size=2)
  0 =>
    array (size=3)
      'a_key' => string '&lt;b&gt;html&lt;/b&gt;' (length=23)
      'b_key' => string '&lt;a href=&quot;http://example.com/&quot;&gt;another code&lt;/a&gt;' (length=68)
      'c_key' =>
        array (size=2)
          0 => string '&lt;script&gt;alert(&#039;Hello&#039;);&lt;/script&gt;' (length=54)
          1 => string 'No code, no change' (length=18)
  1 =>
    array (size=3)
      'd_key' => string '&lt;small&gt;ssup&lt;/small&gt;' (length=31)
      'e_key' => string 'stack' (length=5)
      'f_key' => string 'overflow' (length=8)
Documentation for array_walk_recursive()
You are not looping over the right object, and you are not creating the inner array.
Replace the lines:
if( is_array($key)){
    foreach($key as $key2 => $value2)
        $clean[$key2] = htmlspecialchars( $value2, ENT_QUOTES);
with
if( is_array($value)){
    foreach($value as $key2 => $value2) {
        if (!isset($clean[$key])) $clean[$key] = array();
        $clean[$key][$key2] = htmlspecialchars( $value2, ENT_QUOTES);
    }
and then it should work properly.
function sanitizeMyArray($array) {
    array_walk_recursive($array, 'standard');
    return $array;
}
function standard(&$item, $key) {
    //You must return this to $item for it to work.
    $item = htmlspecialchars($item, ENT_QUOTES);
    return $item;
}
$results = sanitizeMyArray($array);
print_r($results);
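Validation class function
// Method of a class: it calls itself through $this
function htmlspecialchars_recursive ($input, $flags = ENT_COMPAT | ENT_HTML401, $encoding = 'UTF-8', $double_encode = false) {
    if (is_array($input)) {
        // Recurse into nested arrays, passing the same options down to every element
        return array_map(function ($item) use ($flags, $encoding, $double_encode) {
            return $this->htmlspecialchars_recursive($item, $flags, $encoding, $double_encode);
        }, $input);
    }
    else if (is_scalar($input)) {
        return htmlspecialchars($input, $flags, $encoding, $double_encode);
    }
    else {
        return $input;
    }
}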
Details:
$input = your input: an array() or a scalar type such as integer, float, string or boolean.
$flags = PHP available flags constants, description here
$encoding = encoding type, default: UTF-8
$double_encode = TRUE or FALSE, depending on your needs.
Function call
//It will convert htmlentities
$param = $this->htmlspecialchars_recursive($_REQUEST);
// print_r($param);
Output:
/*
array(
[whyiitgnq] => <ul><li><b>teste</b></li><li><b>tetst</b></li></ul><div><i><u>tets</u></i></div><div>tets</div><ol><li><b>tetst</b></li><li><b>tetst</b></li><li><b>test</b></li></ol>
[_wysihtml5_mode] => 1
[aid] => 12695
)
*/
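Added example, not part of the question or any answer above: it applies the recursive escaping the answers describe to the question's own fields (`team_select`, `ex_team_n[]`, `ex_amount[]`) and renders the confirmation page one row per array index. The helper names `escape_html_recursive` and `render_confirmation` and the sample `$post` data are assumptions made for illustration.

```php
<?php
// Added example. $post is constructed sample data standing in for $_POST.
$post = [
    'team_select' => 'Multiple',
    'ex_team_n'   => ['Red <b>Team</b>', 'O\'Neil "A"'],
    'ex_amount'   => ['3', '5'],
];

// Hypothetical helper: escape every leaf for HTML output and keep the nesting.
// String keys are escaped too, because the client chooses the keys in field[...].
function escape_html_recursive($input)
{
    if (is_array($input)) {
        $out = [];
        foreach ($input as $key => $value) {
            $safeKey = is_string($key) ? escape_html_recursive($key) : $key;
            $out[$safeKey] = escape_html_recursive($value);
        }
        return $out;
    }
    // Scalars and null are cast to string; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making htmlspecialchars() return an empty string.
    return htmlspecialchars((string) $input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build one confirmation row per index of the parallel ex_team_n[] / ex_amount[]
// lists; echoing the array itself would only print "Array".
function render_confirmation(array $clean): string
{
    if (($clean['team_select'] ?? '') !== 'Multiple') {
        return '';
    }
    $names   = (array) ($clean['ex_team_n'] ?? []);
    $amounts = (array) ($clean['ex_amount'] ?? []);
    $rows = [];
    foreach ($names as $i => $name) {
        $amount = $amounts[$i] ?? '';
        if (!is_string($name) || !is_string($amount)) {
            continue; // deeper nesting than the form ever sends: skip it
        }
        // The browser decodes the entities, so the hidden fields resubmit the original values.
        $rows[] = "<p>{$name}: {$amount}</p>"
            . "<input type=\"hidden\" name=\"ex_team_n[]\" value=\"{$name}\">"
            . "<input type=\"hidden\" name=\"ex_amount[]\" value=\"{$amount}\">";
    }
    return implode("\n", $rows) . "\n";
}

echo render_confirmation(escape_html_recursive($post));
```

ENT_QUOTES matters here because the escaped values are placed inside double-quoted `value` attributes as well as in element text.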