我工作的网站上有一个评论卡功能,在填写表格后,会打一个php邮件电话,通过电子邮件向人们发送评论。然而,其中一个字符串"comments"被切断了。有人能看看这段代码并告诉我为什么吗?编辑:做了一些测试,发现单引号和双引号会导致问题。任何关于处理这件事的建议都是很好的。我想使用条纹斜杠还是类似的?
这里有一个问题的例子:
Location: The place
Quality: Good
Comments: The Hot Dog at the Grill was labeled with the ''
Email: someemail@email.com
Date: 05/23/11
Time: 13:34
这是确认页面:(非常感谢帮助,这是我上班的第一天,我想不通!
<?php
$date=date("m/d/y");
$time=date("H:i");
$loc=$_POST['location'];
$qual=$_POST['quality'];
$comm=$_POST['comments'];
$em=$_POST['email'];
echo("<p class='"bodytext'">You are about to send the following information:<span><br><br><span class='"bodytextbold'">Location:</span> ".$loc."<br><br><span class='"bodytextbold'">How was your food?:</span>".$qual."<br><br><span class='"bodytextbold'">Comments: </span>".$comm."<br><br><span class='"bodytextbold'">Your email address: ".$em);
echo("<form method='"post'" action='"comment_card_email.html'">
<input type='"hidden'" name='"location'" value='"".$loc."'">
<input type='"hidden'" name='"quality'" value='"".$qual."'">
<input type='"hidden'" name='"comments'" value='"".$comm."'">
<input type='"hidden'" name='"email'" value='"".$em."'">
<input type='"hidden'" name='"date'" value='"".$date."'">
<input type='"hidden'" name='"time'" value='"".$time."'">
<input type='"submit'" class='"bodytext'" value='"submit comments'" name='"submit'"></form>");
?>
这里是接收它的html页面php脚本:
<?php
$location = $_POST['location'];
$quality = $_POST['quality'];
$comments = $_POST['comments'];
$email = $_POST['email'];
$date = $_POST['date'];
$time = $_POST['time'];
$recipients = "someemail@email.com";
function mail_staff($recipients, $location, $quality, $comments, $email, $date, $time){
mail($recipients, "Comment Card#[".$location."]".time(), "The following comment has been submitted:
Location: $location
Quality: $quality
Comments: $comments
Email: $email
Date: $date
Time: $time
", "From:".$email);
}
继续,将我的评论汇集在一起,并将它们组合成这个答案。
您可能需要考虑将heredoc用于那些长的echo语句,这将使其更干净、更容易。
echo <<<FORM
<form method="post" action="comment_card_email.html">
<input type="hidden" name="location" value="$loc">
<input type="hidden" name="quality" value="$qual">
<input type="hidden" name="comments" value="$comm">
<input type="hidden" name="email" value="$em">
<input type="hidden" name="date" value="$date">
<input type="hidden" name="time" value="$time">
<input type="submit" class="bodytext" value="submit comments" name="submit"></form>
FORM;
你对"''"的评论让我觉得你意外地逃脱了字符串的其余部分。确保你的报价没有引起问题。从示例注释的外观来看,用户似乎使用了双引号,并转义了字符串的其余部分。请尝试使用htmlspecialchar来转义这些引号。htmlspecialchar是一个PHP函数,它可以从文本中转义HTML友好实体。所以引号应该在&xxxx;总体安排因此,您不再需要担心转义引号,因为这将由实体处理。它与htmlspecialchars_decode是可逆的。所以这应该有效。
$raw = $_POST['comments'];
$stripped = stripslashes($_POST['comments'];
$comments = htmlspecialchars($stripped, ENT_QUOTES);
编辑:糟糕的是,表单没有通过heredoc,编辑后就可以工作了。