问题
I have an issue in Phpmaker and I have no clue how to solve it. I created a MySQL database (InnoDB) and a PHPMaker interface, where I copy the HTML code generated by IMDB site, at this url: www.imdb.com/plugins
This code gives me the movie rating by users. I paste into my textarea input field and save. The data saved into the column of MySQL receives a <x> in the middle of code.
This is the original (copied) code, from IMDB:
<span class="imdbRatingPlugin" data-user="ur21152180" data-title="tt3228904" data-style="p3">
<a href="http://www.imdb.com/title/tt3228904/?ref_=plg_rt_1">
<img src="http://g-ecx.images-amazon.com/images/G/01/imdb/plugins/rating/images/imdb_37x18.png" alt=" Empire (2015) on IMDb" />
</a>
</span>
<script>
(function(d,s,id){
var js,stags=d.getElementsByTagName(s)[0];
if(d.getElementById(id)){return;}
js=d.createElement(s);
js.id=id;
js.src="http://g-ec2.images-amazon.com/images/G/01/imdb/plugins/rating/js/rating.min.js";
stags.parentNode.insertBefore(js,stags);})
(document,'script','imdb-rating-api');
</script>
And this is what is saved on mysql:
<span class="imdbRatingPlugin" data-user="ur21152180" data-title="tt3228904" data-style="p3">
<a href="http://www.imdb.com/title/tt3228904/?ref_=plg_rt_1">
<img src="http://g-ecx.images-amazon.com/images/G/01/imdb/plugins/rating/images/imdb_37x18.png" alt=" Empire (2015) on IMDb" />
</a>
</span>
<s<x>cript>
(function(d,s,id){
var js,stags=d.getElementsByTagName(s)[0];
if(d.getElementById(id)){return;}
js=d.createElement(s);
js.id=id;
js.src="http://g-ec2.images-amazon.com/images/G/01/imdb/plugins/rating/js/rating.min.js";
stags.parentNode.insertBefore(js,stags);})
(document,'script','imdb-rating-api');
</script>
The <x> is being inserted in the middle of <script> tag.
Can anyone shed a light over this issue?
回答1:
phpmaker inserts < x > in 'script' word. Maybe for security reason.
I have solved this issue on phpmaker10 using server side script.
Here is the way:
First select the field that you want from left side. I named it (text). Then, click the tab named : Code (Server Events, client Scripts ....) Then under Server Events section, expand Table-Specific, expand Common, then click Row_Rendered. Replace the current code with this:
// Row Rendered event
function Row_Rendered() {
// To view properties of field class, use:
//var_dump($this-><FieldName>);
$string = $this->text->ViewValue;
$correctedText = str_replace("<x>","",$string);
$this->text->ViewValue = $correctedText;
}
There are other ways, but this was one of them.
回答2:
PHPMaker treats as security threat and due to that you are having the issue. You will need to escape that using escape character then it will work but it is not suggested as standard practice as bypassing that allow to insert script code into your db which could compromise data and its security majors.
来源:https://stackoverflow.com/questions/39936502/phpmaker-mysql-issue