问题
I'm using the contenteditable feature on a personal project to update a sql database, however when I update the content it adds html tags into the database i.e.
<div id="lipsum" style="font-size: 11px; font-family: Arial, Helvetica, sans;
text-align: justify; font-style: normal; font-variant: normal; line-height: normal;">
<p style="font-size: 11px; line-height: 14px; margin-bottom: 14px;">
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin tincidunt tincidunt tellus,
ac tincidunt magna imperdiet volutpat. Pellentesque pharetra lorem vitae velit gravida,
eget gravida tellus volutpat. Praesent viverra nulla at arcu fringilla, quis semper ligula
What are my solutions in terms of stripping these tags out? Can i use jquery or php? Can anyone show me some working examples?
This is the code I am using to update my database
save.php
<?php
include("db.php");
$content = $_POST['content'];
$firstname = $_POST['firstname'];//get posted data
$content = mysql_real_escape_string($content);
$firstname = mysql_real_escape_string($firstname);//escape string
$sql = "UPDATE datadump SET firstname = '$firstname', content = '$content' WHERE id = '1'";
if (mysql_query($sql))
{
echo 1;
}
?>
js/js.js
$(document).ready(function() {
$("#save").click(function (e) {
var content = $('#content').html();
var firstname = $('#firstname').html();
$.ajax({
url: 'save.php',
type: 'POST',
data: {content: content, firstname: firstname},
success:function (data) {
if (data == '1')
{
$("#status")
.addClass("success")
.html("Data saved successfully")
.fadeIn('fast')
.delay(3000)
.fadeOut('slow');
}
if (data == '1')
{
$("#status")
.addClass("success")
.html("Data saved successfully")
.fadeIn('fast')
.delay(3000)
.fadeOut('slow');
}
else
{
$("#status")
.addClass("error")
.html("An error occured, the data could not be saved")
.fadeIn('fast')
.delay(3000)
.fadeOut('slow');
}
}
});
});
$("#maincontent").click(function (e) {
$("#save").show();
e.stopPropagation();
});
$(document).click(function() {
$("#save").hide();
});
});
回答1:
Use the strip_tags() function.
Change this;
$content = mysql_real_escape_string($content);
To this;
$content = mysql_real_escape_string( strip_tags( $content ) );
来源:https://stackoverflow.com/questions/18283023/php-remove-html-tags