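BBCodes for the bio don't work the way I want them to

Time: 2016-04-12 09:53:58

Tags: php html bbcode

I have a bio (personal information) that is displayed on the user's profile page. I have added BBCodes, which work ([b]bold[/b]), but when I leave and come back to change the bio, it shows the HTML tags. I also want to remove HTML and PHP tags. As of now, if someone could enter PHP code in their bio and drop a table, that would be critical. Here's my BBCode / change bio code: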

<div class="fl">
        <!--BB-codes-->
    <?php
    $db = mysqli_connect("localhost", "root", "password", "table") or die ("Could not connect to database");

        if(isset($_POST['submit'])) {

        if(isset($_POST['bio_message']))
        {
                $text = $_POST['bio_message'];
                $text = stripslashes($text);
                $text = htmlspecialchars($text);
                $text = nl2br($text);

                $text = preg_replace('#\[b\](.+)\[/b\]#isU', '<b>$1</b>', $text);
                $text = preg_replace('#\[i\](.+)\[/i\]#isU', '<i>$1</i>', $text);
                $text = preg_replace('#\[u\](.+)\[/u\]#isU', '<u>$1</u>', $text);

                $text = preg_replace('#\[img\](.+)\[/img\]#isU', '<img src="$1" />', $text);
        }

            $id = htmlentities($_SESSION['user']['id'], ENT_QUOTES, 'UTF-8');

            $sql = "UPDATE users SET bio = '$text' WHERE id = '$id'";
            $db->query($sql);
        }else{}
    ?>
</div>
            <div class="title-wrapper" style="margin:auto; width:60%;">
                <h3 class="widget-title"><i class="fa fa-pencil"></i> Change Bio</h3>
                <div class="title-content">
                    <form method="post" action="/settings/change-bio">
                        <div class="fl">Bio :</div><a href="" class="a fr" style="font-size:11px; text-decoration:underline;">BB-codes</a><br/>
                        <textarea maxlength="2000" onkeyup="textCounter(this,'counter',2000);" placeholder="User has not set any bio yet..." id="bio_message" name="bio_message" class="textarea" style="max-width:100%; max-height:160px; width:100%; height:160px;"><?php
                            $id = htmlentities($_SESSION['user']['id'], ENT_QUOTES, 'UTF-8');
                            $SQL = "SELECT * FROM users WHERE id = '$id'";


                            $result = $db->query($SQL);

                            /* numeric array */

                            /* associative array */
                            $row = $result->fetch_array(MYSQLI_ASSOC);
                            printf ($row["bio"]);

                            $result->free();
                            ?></textarea>

                        <input type="submit" id="submit" name="submit" class="button" value="Set Bio" />
                        <input disabled  maxlength="3" size="3" value="2000" id="counter"> Characters remaining.
                    </form>
                </div>
            </div>

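1 answer:

Answer 0 (score: 0)

The program is storing the post with the BBCodes already parsed, so that is what gets shown in the text area. You need to update the table before parsing the BBCodes, and then parse them when presenting the bio to the user. Alternatively, you could add an extra column in the database for the source of the post.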
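
One way to apply the answer's first suggestion, as an added example that is not part of the original question or answer: the raw BBCode is stored through a bound parameter, and it is escaped and converted to HTML only when displayed. The `users.bio` and `id` names come from the question; the function names and the sample input are hypothetical.

```php
<?php
// Added example, not the asker's code. Function names are hypothetical.

// Store the bio exactly as typed. The bound parameters keep quotes in the
// text from being interpreted as SQL.
function save_bio(mysqli $db, int $userId, string $raw): void
{
    $stmt = $db->prepare('UPDATE users SET bio = ? WHERE id = ?');
    $stmt->bind_param('si', $raw, $userId);
    $stmt->execute();
    $stmt->close();
}

// Display time: escape everything first, then re-introduce only allowed tags.
function render_bio(string $raw): string
{
    $html = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    foreach (['b', 'i', 'u'] as $tag) {
        $html = preg_replace(
            '#\[' . $tag . '\](.+?)\[/' . $tag . '\]#is',
            '<' . $tag . '>$1</' . $tag . '>',
            $html
        );
    }
    // Only http(s) URLs without whitespace or brackets become images.
    $html = preg_replace(
        '#\[img\](https?://[^\s\[\]]+)\[/img\]#i',
        '<img src="$1" alt="" />',
        $html
    );
    return nl2br($html);
}

// Value for the edit form's <textarea>: the raw BBCode, escaped so it
// cannot close the element or inject markup.
function bio_for_textarea(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input.
$raw = "[b]Hi[/b] <script>1</script>\n[img]javascript:x[/img] it's [i]me[/i]";
echo render_bio($raw), "\n";        // profile page: tags rendered, markup inert
echo bio_for_textarea($raw), "\n";  // edit form: BBCode source, no HTML tags
```

The profile page would call `render_bio()` on the stored value, while the settings form prints `bio_for_textarea()` inside the `<textarea>`, so the user sees the BBCode they typed.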