str_replace foreach 循环的错误
str_replace bug with foreach loop
我在 php 中 smiley/emoji 函数的小文本有问题,它基于 str_replace。这是我的代码。
$smileys = array( ":inlove:" => "/smileys/smiley2.png",
":cool:" => "/smileys/smiley3.png",
":tongue:" => "/smileys/smiley4.png",
":wow:" => "/smileys/smiley5.png",
":smile:" => "/smileys/smiley15.png",
":happy:" => "/smileys/smiley6.png",
":funny:" => "/smileys/smiley7.png",
":wink:" => "/smileys/smiley8.png",
":worried:" => "/smileys/smiley10.png",
":pokerface:" => "/smileys/smiley9.png",
":poop:" => "/smileys/smiley12.png",
":thinking:" => "/smileys/35_thinking.png",
":triumph:" => "/smileys/49_triumph.png",
":vulcan:" => "/smileys/109_vulcan.png",
":pointup:" => "/smileys/102_point_up_2.png",
":santa:" => "/smileys/135_santa.png",
":spy:" => "/smileys/134_spy.png");
if(isset($_POST['message'])) {
$messagePlain = $_POST['message'];
$messageSmileys = $messagePlain;
foreach($smileys as $key => $img) {
$messageSmileys = str_replace($key, '<img src="' . $img . '" />', $messageSmileys);
}
$connection->query(// Message to db);
}
它工作正常。但问题是,当用户连续输入超过 ~14 个表情符号时,HTML 会被破坏,它看起来像这样:
HTML 来源如下:
<div class="media-body">
<h4 class="media-heading">test <small>07. August. 2017 01:34</small></h4>
<img src="/smileys/smiley2.png" /> <img src="/smileys/smiley3.png" /> <img src="/smileys/smiley5.png" /> <img src="/smileys/smiley4.png" /> <img src="/smileys/smiley15.png" /> <img src="/smileys/smiley6.png" /> <img src="/smileys/smiley7.png" /> <img src="/smileys/smiley8.png" /> <img src="/smileys/smiley10.png" /> <img src="/smileys/smiley9.png" /> <img src="/smileys/smiley12.png" /> <img src="/smileys/49_triumph.png" /> <img src="/smileys/109_vulcan.png" /> <img src="/smileys/102_point_up_2.p </div>
</div>
有人可以帮我解决这个问题吗?为什么 <img> 的 HTML 标签突然被破坏了?
您的数据库字段可能有长度限制。您可能想提出这个问题,但有一个更重要的初始修复:将原始文本存储在数据库中,然后对输出执行替换。
这尤其重要,因为看起来您现在可能很容易受到 HTML 注入攻击。确保 运行 htmlspecialchars before doing the replacement and be aware of how you need to encode your output to make it safe. How to prevent XSS with HTML/PHP? 可能是一个好的开始。
查看您的输出:
<img src="/smileys/smiley2.png" /> <img src="/smileys/smiley3.png" /> <img src="/smileys/smiley5.png" /> <img src="/smileys/smiley4.png" /> <img src="/smileys/smiley15.png" /> <img src="/smileys/smiley6.png" /> <img src="/smileys/smiley7.png" /> <img src="/smileys/smiley8.png" /> <img src="/smileys/smiley10.png" /> <img src="/smileys/smiley9.png" /> <img src="/smileys/smiley12.png" /> <img src="/smileys/49_triumph.png" /> <img src="/smileys/109_vulcan.png" /> <img src="/smileys/102_point_up_2.p
以上字符串长度为499个字符。我坚信您在数据库 table 中的 message 字段被限制为 500 个字符或其他字符,并且输出被截断为这些位。
解决方案/建议
如果您正在使用 MySQL 数据库服务器,我强烈建议您将数据库类型从 VARCHAR(500) 更改为 TEXT 或 LONGTEXT。
我在 php 中 smiley/emoji 函数的小文本有问题,它基于 str_replace。这是我的代码。
$smileys = array( ":inlove:" => "/smileys/smiley2.png",
":cool:" => "/smileys/smiley3.png",
":tongue:" => "/smileys/smiley4.png",
":wow:" => "/smileys/smiley5.png",
":smile:" => "/smileys/smiley15.png",
":happy:" => "/smileys/smiley6.png",
":funny:" => "/smileys/smiley7.png",
":wink:" => "/smileys/smiley8.png",
":worried:" => "/smileys/smiley10.png",
":pokerface:" => "/smileys/smiley9.png",
":poop:" => "/smileys/smiley12.png",
":thinking:" => "/smileys/35_thinking.png",
":triumph:" => "/smileys/49_triumph.png",
":vulcan:" => "/smileys/109_vulcan.png",
":pointup:" => "/smileys/102_point_up_2.png",
":santa:" => "/smileys/135_santa.png",
":spy:" => "/smileys/134_spy.png");
if(isset($_POST['message'])) {
$messagePlain = $_POST['message'];
$messageSmileys = $messagePlain;
foreach($smileys as $key => $img) {
$messageSmileys = str_replace($key, '<img src="' . $img . '" />', $messageSmileys);
}
$connection->query(// Message to db);
}
它工作正常。但问题是,当用户连续输入超过 ~14 个表情符号时,HTML 会被破坏,它看起来像这样:
HTML 来源如下:
<div class="media-body">
<h4 class="media-heading">test <small>07. August. 2017 01:34</small></h4>
<img src="/smileys/smiley2.png" /> <img src="/smileys/smiley3.png" /> <img src="/smileys/smiley5.png" /> <img src="/smileys/smiley4.png" /> <img src="/smileys/smiley15.png" /> <img src="/smileys/smiley6.png" /> <img src="/smileys/smiley7.png" /> <img src="/smileys/smiley8.png" /> <img src="/smileys/smiley10.png" /> <img src="/smileys/smiley9.png" /> <img src="/smileys/smiley12.png" /> <img src="/smileys/49_triumph.png" /> <img src="/smileys/109_vulcan.png" /> <img src="/smileys/102_point_up_2.p </div>
</div>
有人可以帮我解决这个问题吗?为什么 <img> 的 HTML 标签突然被破坏了?
您的数据库字段可能有长度限制。您可能想提出这个问题,但有一个更重要的初始修复:将原始文本存储在数据库中,然后对输出执行替换。
这尤其重要,因为看起来您现在可能很容易受到 HTML 注入攻击。确保 运行 htmlspecialchars before doing the replacement and be aware of how you need to encode your output to make it safe. How to prevent XSS with HTML/PHP? 可能是一个好的开始。
查看您的输出:
<img src="/smileys/smiley2.png" /> <img src="/smileys/smiley3.png" /> <img src="/smileys/smiley5.png" /> <img src="/smileys/smiley4.png" /> <img src="/smileys/smiley15.png" /> <img src="/smileys/smiley6.png" /> <img src="/smileys/smiley7.png" /> <img src="/smileys/smiley8.png" /> <img src="/smileys/smiley10.png" /> <img src="/smileys/smiley9.png" /> <img src="/smileys/smiley12.png" /> <img src="/smileys/49_triumph.png" /> <img src="/smileys/109_vulcan.png" /> <img src="/smileys/102_point_up_2.p
以上字符串长度为499个字符。我坚信您在数据库 table 中的 message 字段被限制为 500 个字符或其他字符,并且输出被截断为这些位。
解决方案/建议
如果您正在使用 MySQL 数据库服务器,我强烈建议您将数据库类型从 VARCHAR(500) 更改为 TEXT 或 LONGTEXT。