Newbie asking for help: CI XSS filtering and escaping problem
When I use CI and enable XSS filtering with $config['global_xss_filtering'] = TRUE;
The controller receives the form data:
$img = $data['upload_data']['file_name'];
$title = $this->input->post('title');
$category = $this->input->post('category');
$tag = $this->input->post('tag');
$abstract = $this->input->post('abstract');
$weight = $this->input->post('weight');
$content = $this->input->post('content');
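When I insert into the database, CI automatically filters out the HTML and JS tags, replacing them with . How do I solve this problem? I don't want it to filter them out.
If I turn off XSS filtering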
$config['global_xss_filtering'] = false;
The controller receives the form data:
$img = htmlspecialchars($data['upload_data']['file_name']);
$title = htmlspecialchars($this->input->post('title'));
$category = htmlspecialchars($this->input->post('category'));
$tag = htmlspecialchars($this->input->post('tag'));
$abstract = htmlspecialchars($this->input->post('abstract'));
$weight = htmlspecialchars($this->input->post('weight'));
$content = htmlspecialchars($this->input->post('content'));
Then, when I output it on the page, all the HTML, JS and PHP tags are gone.
Compare the following two segments:
CI:
connect_error) {
die("连接失败: " . $conn->connect_error);
}
//查询数据条数的函数
function getCount($table){
global $con;
$result = $conn->query("select count(*) as linecount from $table");
$count = $result->fetch_all(3);
return $count;
}
//分页函数
function getPageData($table,$pageCount,$recoredCount,$order){
global $con;
$pageCount=($pageCount-1)*$recoredCount;
$sql="select * from $table order by $order desc limit $pageCount,$recoredCount";
$result=$conn->query($sql);
$pageDate=$result->fetch_all(3);
return $pageDate;
}
?>
Native PHP:
<?php
header("Content-type: text/html; charset=utf-8");
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "dbname";
// 创建连接
$con = new mysqli($servername, $username, $password, $dbname);
mysqli_set_charset($conn, "utf8");
if ($conn->connect_error) {
die("连接失败: " . $conn->connect_error);
}
//查询数据条数的函数
function getCount($table){
global $con;
$result = $conn->query("select count(*) as linecount from $table");
$count = $result->fetch_all(3);
return $count;
}
//分页函数
function getPageData($table,$pageCount,$recoredCount,$order){
global $con;
$pageCount=($pageCount-1)*$recoredCount;
$sql="select * from $table order by $order desc limit $pageCount,$recoredCount";
$result=$conn->query($sql);
$pageDate=$result->fetch_all(3);
return $pageDate;
}
?>
How can this situation be solved???
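I read through this pile of stuff and have no idea what you are saying. Have you looked at what your post actually looks like? Don't enable XSS filtering globally; use it only where it is needed. If that feels like too much trouble, you need to manually extend the Input class.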
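One way to follow the reply's advice, as an added example that is not code from the thread: the global filter stays off, xss_clean is requested per field through the second argument of post(), the article body is stored unmodified, and HTML escaping happens once, at output, with html_escape(). The controller, table and view names are hypothetical, the two files are shown in one listing, and it assumes the body is displayed as text (for example a code sample) rather than rendered as HTML.

```php
<?php
// application/config/config.php: keep the global filter off so input is stored as typed.
// $config['global_xss_filtering'] = FALSE;

// application/controllers/Article.php (hypothetical controller, table and view names)
class Article extends CI_Controller {

    public function save()
    {
        $row = array(
            // Plain-text fields: request xss_clean for this field only (second argument).
            'title'    => $this->input->post('title', TRUE),
            'category' => $this->input->post('category', TRUE),
            'tag'      => $this->input->post('tag', TRUE),
            'abstract' => $this->input->post('abstract', TRUE),
            // Numeric field: cast it instead of filtering it.
            'weight'   => (int) $this->input->post('weight'),
            // Article body: stored unmodified, because it may contain source code.
            'content'  => $this->input->post('content'),
        );
        // The query builder escapes values for SQL. No htmlspecialchars() on input:
        // escaping here and again in the view would double-encode the text.
        $this->db->insert('articles', $row);
    }

    public function show($id)
    {
        $query   = $this->db->get_where('articles', array('id' => (int) $id));
        $article = $query->row_array();
        if (empty($article)) {
            show_404();
        }
        $this->load->view('article_show', array('article' => $article));
    }
}
?>
<!-- application/views/article_show.php: escape exactly once, at output -->
<h1><?php echo html_escape($article['title']); ?></h1>
<pre><?php echo html_escape($article['content']); ?></pre>
```

If the body has to be rendered as rich HTML instead, escaping at output no longer applies and the stored markup needs an allow-list HTML sanitizer before it is echoed.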