问题
The html form accepts textarea input, and I am using $_POST value to put the input value to textarea when I am displaying it. For example.
<html>
<?php if($_POST['input'){
<form method="post" action="<?=$PHP_SELF?>">
<textarea name="input" cols="60" rows="20"><?=$_POST['input']?></textarea>
<input type="submit" value="Test it">
</form>
<?php
} else {
?>
Please copy in a text of your choice
<br /><br />
<form method="post" action="<?=$PHP_SELF?>">
<textarea name="input" cols="60" rows="20"></textarea>
<input type="submit" value="Test it">
</form>
</html>
Everything works fine except that backslash '\' is added to every single quote, and double quotes. How can I set some setting to prevent backslash from being added?
回答1:
Disable magic quotes - see http://php.net/manual/en/security.magicquotes.php - if you're on shared hosting and your hoster is stupid and doesn't want to / let you change it (see that page for why it is stupid), use stripslashes() on every value you get out ouf the $_GET, $_POST, $_COOKIE arrays.
On a side note, don't echo input values back (that includes PHP_SELF) into the HTML output without sending them through htmlspecialchars(), or you have security issues. See http://en.wikipedia.org/wiki/Cross-site_scripting for more information.
回答2:
After a long search I solved this problem like this:
In your page where you want to display the textarea content, just add this
< ? php echo stripslashes($shortcode_name) ? >
Of course you need to replace $shortcode_name with your shortcode.
That is all.
SOLVED
回答3:
You can also use stripslashes.
<textarea name="input" cols="60" rows="20"><?php echo stripslashes($_POST['input']); ?></textarea>
来源:https://stackoverflow.com/questions/4924864/how-can-i-prevent-from-being-added-from-the-form-input