WordPress“esc ..”函数是否有任何反转功能?
问题描述:
I\'m using the standart \"esc_html\" in WordPress for insert data (textarea) to the db.
All works nice but how can I reverse the text?
For example:
I insert the text - You ready?! Let\'s go!
And in the db it\'s as I expected save it as - You ready?! Let's go!
Later, when I tried to display this text in my tooltip it\'s also display the text as You ready?! Let's go!
Please, I would like to know if there is any reverse for this function since I tried to use htmlspecialchars_decode() and realized it\'s not the same function.
Thanks!
图片转代码服务由CSDN问答提供
感谢您的意见,我们尽快改进~
功能建议
我在Wordpress中使用标准“esc_html”将数据(textarea)插入数据库。</ p >
一切正常但是如何反转文本?</ p>
例如:</ p>
我插入文本 - < 强> 你准备好了吗?! 我们走了!</ em> </ strong> </ p>
在数据库中它正如我预期的那样保存为 - 你准备好了吗?! 让我们走吧!</ code> </ p>
后来,当我试图在我的工具提示中显示这个文本时,它还显示文本为你准备好了吗?! 让我们走吧!</ code> </ p>
请问,我想知道这个函数是否有任何反转,因为我试图使用htmlspecialchars_decode()并意识到它不是 相同的功能。</ p>
谢谢!</ p>
</ div>
网友观点:
The answer is: generally speaking, you don\'t escape data when saving it to the database. You sanitize it. (And so you don\'t really need to worry about \\\"reverting\\\" the content from esc_* functions).
You sanitize the input data when you\'re about to insert it into the database to prevent SQL injection attacks. If you\'re using the insert() method from the $wpdb
object or the wp_insert_post() function to create a new post/page, then the sanizitation is done for you automatically.
If you\'re writing a custom query (eg. $wpdb->query( \\\"INSERT INTO table VALUES(\'a string\', \'another string\', \'2018-09-21 10:35:52\')\\\" );
) then you need to use the prepare() method to sanitize the query before running it (eg. $wpdb->query( $wpdb->prepare( \\\"INSERT INTO table VALUES(%s, %s, %s)\\\", array($string1, $string2, $date_string) ) );
).
When you\'re about to display the data on screen use any of the different esc_* functions to make sure nothing malicious is being printed on screen (like <script>alert(\'Hello!\');</script>
).
###
Have you tried wp_specialchars_decode() ?
https://developer.wordpress.org/reference/functions/wp_specialchars_decode/
###
There is a PHP function for this!
1 2 3 |
$string = \\\"You ready?! Let's go!\\\"; $decodedString = htmlspecialchars_decode($string, ENT_QUOTES); |
Decoded String: \'You ready?! Let\'s go!\'
1. 带 [亲测] 说明源码已经被站长亲测过!
2. 下载后的源码请在24小时内删除,仅供学习用途!
3. 分享目的仅供大家学习和交流,请不要用于商业用途!
4. 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需!
5. 本站所有资源来源于站长上传和网络,如有侵权请邮件联系站长!
6. 没带 [亲测] 代表站长时间紧促,站长会保持每天更新 [亲测] 源码 !
7. 盗版ripro用户购买ripro美化无担保,若设置不成功/不生效我们不支持退款!
8. 本站提供的源码、模板、插件等等其他资源,都不包含技术服务请大家谅解!
9. 如果你也有好源码或者教程,可以到审核区发布,分享有金币奖励和额外收入!
10.如果您购买了某个产品,而我们还没来得及更新,请联系站长或留言催更,谢谢理解 !
GG资源网 » WordPress“esc ..”函数是否有任何反转功能?