htmlspecialchars

Laravel htmlspecialchars() expects parameter 1 to be string, object given in my project?

心不动则不痛 提交于 2020-12-06 16:46:39
问题 So i'm trying to code a simple website form. But it has this htmlspecialchars error. I've tried to make {{ $message }} but it didn't work. has the same error. this is my controller : <?php namespace App\Http\Controllers; use Mail; use Illuminate\Http\Request; class ContactMessageController extends Controller { public function create() { return view('form'); } public function store(Request $request) { $this->validate($request, [ 'name' => 'required', 'email' => 'required|email', 'address' =>

Is there a Python equivalent to the PHP function htmlspecialchars()?

折月煮酒 提交于 2020-01-22 05:48:04
问题 Is there a similar or equivalent function in Python to the PHP function htmlspecialchars()? The closest thing I've found so far is htmlentitydefs.entitydefs(). 回答1: Closest thing I know about is cgi.escape. 回答2: from django.utils.html import escape print escape('<div class="q">Q & A</div>') 回答3: You probably want xml.sax.saxutils.escape: from xml.sax.saxutils import escape escape(unsafe, {'"':'"'}) # ENT_COMPAT escape(unsafe, {'"':'"', '\'':'''}) # ENT_QUOTES escape(unsafe) # ENT_NOQUOTES

Twig - use quotation mark as separator for join filter

和自甴很熟 提交于 2020-01-13 05:50:46
问题 I pass my template an array of strings which I would like to convert to a jaavascript array: Controller file (php): $myVar = array('a','b','c'); Desired html: var myVar = ["a","b","c"]; I try the following code (twig): var myVar = ["{{ myVar | join('","') }}"]; But the twig generator converts the quotation marks to html entities and this is the result: var myVar = ["a","b","c"]; Some idea? 回答1: You need to apply the raw filter: var myVar = ["{{ myVar | join('","') | raw }}"]; 来源: https:/

Is it good to use htmlspecialchars() before Inserting into MySQL?

China☆狼群 提交于 2020-01-12 14:19:08
问题 I am a little confused on this. I have been reading about htmlspecialchars() and I am planning to use this for the textareas POST to prevent XSS attack. I understand that usually htmlspecialchars() are used to generate the HTML output that is sent to the browser. But what I am not sure is: 1) Is it a safe practice to use htmlspecialchars() to the user input data before I insert it into MySQL? I am already using PDO prepared statement with parameterized values to prevent SQL Injection. 2) Or,

htmlspecialchars - different escaping for attributes compared to everything else?

两盒软妹~` 提交于 2020-01-05 12:29:11
问题 I have been reading up on htmlspecialchars() for escaping user input and user input from the database. Before anyone says anything, yes, I am filtering on db input as well as using prepared statements with bindings. I am only concerned about securing the output. I am confused as to when to use ENT_COMPAT , ENT_QUOTES , ENT_NOQUOTES . I came across the following excerpt while doing my research: The second argument in the htmlspecialchars() call is ENT_COMPAT . I've used that because it's a

Laravel e function (htmlentities) is not fully working, scripts can still be executed (only once)

假装没事ソ 提交于 2020-01-05 08:06:30
问题 I am trying to use the e function in Laravel which is equivalent to the htmlentities PHP function. In my Form view and Controller I am trying to save a document that uses the e function which looks like this: Form view: {{ Form::text('client_name') }} Controller: $client = new Client; $client->client_name = e(Input::get('client_name')); $client->save(); Say I wrote <script type="text/javascript">alert('gotcha!');</script> into the client_name field. I then save it to database but when it

htmlspecialchars causing text to disapear

北城以北 提交于 2020-01-04 09:24:30
问题 I encountered a particular string (it's not completely printable, but you can see it below) that causes a htmlspecialchars() to return a zero-length string. Is there any way this can be fixed? $Stmnt = 'SELECT subject_name FROM bans WHERE id = 2321'; $Fetch = $Conn->query($Stmnt); if(!$Fetch) die('Could not query DB'); while($Row = $Fetch->fetch_array(MYSQLI_ASSOC)) { $RawName = $Row['subject_name']; $RawLen = strlen($RawName); echo('RAW NAME: ['.$RawName.']'.', LENGTH: ['.$RawLen.']'.'<br />

htmlspecialchars causing text to disapear

一曲冷凌霜 提交于 2020-01-04 09:24:06
问题 I encountered a particular string (it's not completely printable, but you can see it below) that causes a htmlspecialchars() to return a zero-length string. Is there any way this can be fixed? $Stmnt = 'SELECT subject_name FROM bans WHERE id = 2321'; $Fetch = $Conn->query($Stmnt); if(!$Fetch) die('Could not query DB'); while($Row = $Fetch->fetch_array(MYSQLI_ASSOC)) { $RawName = $Row['subject_name']; $RawLen = strlen($RawName); echo('RAW NAME: ['.$RawName.']'.', LENGTH: ['.$RawLen.']'.'<br />

PHP htmlspecialchars error

半世苍凉 提交于 2020-01-04 05:13:09
问题 why would this $trader_details = array_walk($trader_details, 'htmlspecialchars'); give this error? Severity: Warning Message: htmlspecialchars() expects parameter 2 to be long, string given afaik htmlspecialchars only has optional parameters apart from the input string? this running in codeigniter thx 回答1: The callback function passed to array_walk expects the second parameter to be the key of the array element: Typically, funcname takes on two parameters. The array parameter's value being

php XML DOM translates special chars to &#xYY;

三世轮回 提交于 2020-01-01 16:26:08
问题 I send this with AJAX POST: <li><ul class "zone zCentral ui-sortable"><li><ul class="region rCol3 ui-sortable"><li class="" style=""><div><span class="tc tc_video">574081</span> <span>video: 'Mundo.Hoy': ¿Dónde habré olvidado... mi memoria?</span></div></li></ul></li></ul></li> I do this to create XML: header('Content-type: text/html; charset=utf-8'); if(isset($_POST) && isset($_POST['data'])) { $data = '<ul id="zone_container" class="ui-sortable">'; $data .= $_POST['data']; $data .= '</ul>';