我有一条生物(个人信息)显示在用户的个人资料页面上。我已经添加了有效的BBCodes([b]粗体[/ b]),但是当我离开后再回来更改bio时,它会显示HTML标签。我还想删除HTML和PHP标记。截至目前,如果有人可以在他们的bio中输入PHP代码并删除表格,那将至关重要。继承了我的BBCode /改变生物代码:
<div class="fl">
<!--BB-codes-->
<?php
$db = mysqli_connect("localhost", "root", "password", "table") or die ("Could not connect to database");
if(isset($_POST['submit'])) {
if(isset($_POST['bio_message']))
{
$text = $_POST['bio_message'];
$text = stripslashes($text);
$text = htmlspecialchars($text);
$text = nl2br($text);
$text = preg_replace('#\[b\](.+)\[/b\]#isU', '<b>$1</b>', $text);
$text = preg_replace('#\[i\](.+)\[/i\]#isU', '<i>$1</i>', $text);
$text = preg_replace('#\[u\](.+)\[/u\]#isU', '<u>$1</u>', $text);
$text = preg_replace('#\[img\](.+)\[/img\]#isU', '<img src="$1" />', $text);
}
$id = htmlentities($_SESSION['user']['id'], ENT_QUOTES, 'UTF-8');
$sql = "UPDATE users SET bio = '$text' WHERE id = '$id'";
$db->query($sql);
}else{}
?>
</div>
<div class="title-wrapper" style="margin:auto; width:60%;">
<h3 class="widget-title"><i class="fa fa-pencil"></i> Change Bio</h3>
<div class="title-content">
<form method="post" action="/settings/change-bio">
<div class="fl">Bio :</div><a href="" class="a fr" style="font-size:11px; text-decoration:underline;">BB-codes</a><br/>
<textarea maxlength="2000" onkeyup="textCounter(this,'counter',2000);" placeholder="User has not set any bio yet..." id="bio_message" name="bio_message" class="textarea" style="max-width:100%; max-height:160px; width:100%; height:160px;"><?php
$id = htmlentities($_SESSION['user']['id'], ENT_QUOTES, 'UTF-8');
$SQL = "SELECT * FROM users WHERE id = '$id'";
$result = $db->query($SQL);
/* numeric array */
/* associative array */
$row = $result->fetch_array(MYSQLI_ASSOC);
printf ($row["bio"]);
$result->free();
?></textarea>
<input type="submit" id="submit" name="submit" class="button" value="Set Bio" />
<input disabled maxlength="3" size="3" value="2000" id="counter"> Characters remaining.
</form>
</div>
</div>
答案 0 :(得分:0)
该程序正在存储已解析BBC代码的帖子 ,因此这就是文本区域中显示的内容。您需要在解析BBCode之前更新 之前的表格,然后在向用户展示bio时解析它们。或者,您也可以在数据库中为帖子的来源添加一个额外的列。