我想做的就是将 html 注入转义到我的输入文本框中。我没有正确使用 htmlentities 吗?代码:<?php require_once "pdo.php"; // Demand a GET parameter if ( ! isset($_GET['name']) || strlen($_GET['name']) < 1 ) { die('Name parameter missing'); } else { $username = $_GET['name']; } // If the user requested logout go back to index.php if ( isset($_POST['logout']) ) { header('Location: index.php'); return; } $year = isset($_POST['year']) ? $_POST['year'] : ''; $mileage = isset($_POST['mileage']) ? $_POST['mileage'] : ''; $make = isset($_POST['make']) ? $_POST['make'] : ''; $failure = false; $success = false; if ( isset($_POST['make']) && isset($_POST['year']) && isset($_POST['mileage'])) { //$year = $_POST['year']; //$mileage = $_POST['mileage']; //$make = $_POST['make']; if ( strlen($make) < 1){ $failure = "Make is Required"; } else { if (is_numeric($year) and is_numeric($mileage) ){ error_log("year is a number ".$_POST['year']); error_log("Mileage is a number ".$_POST['mileage']); $sql = "INSERT INTO autos (make, year, mileage) VALUES (:make, :year, :mileage)"; $stmt = $pdo->prepare($sql); $stmt->execute(array( ':make' => $make, ':year' => $year, ':mileage' => $mileage)); $success = "Record Inserted"; } else { $failure = "Mileage and Year must be numeric"; error_log("year or mileage is not a number year=".$_POST['year']); error_log("Mileage or year is not a number mileage=".$_POST['mileage']); } } }输出不会转义见截图:
- 1 回答
- 0 关注
- 149 浏览
添加回答
举报
0/150
提交
取消