首页 >后端开发 >php教程 >下面这段代码怎么进行htmlentities()之类的html过滤

下面这段代码怎么进行htmlentities()之类的html过滤

WBOY
WBOY原创
2016-06-23 14:22:34990浏览


应该是过滤keyword,就是把用户输入的搜索内容过滤掉html代码
麻烦知道的大哥直接给代码,小弟不怎么懂php,谢谢了

public function search()	{		global $_FANWE;		$page_args = array(			'city_py' => CURRENT_CITY_PY,			'sort' => trim($_FANWE['request']['sort']),			'keyword' => trim($_FANWE['request']['keyword']),		);		$keyword = '';		if(!empty($page_args['keyword']))		{			$page_args['keyword'] = urldecode($page_args['keyword']);			$keyword = &$page_args['keyword'];			$keyword_query = clearSymbol($page_args['keyword']);			if(!empty($keyword_query))			{				$search_txt = clearRepeat($keyword_query);				$keyword_query = segmentToUnicode($keyword_query,'+');                $fields = ",MATCH (gm.content) AGAINST ('$keyword_query') AS similarity ";				$where.=" WHERE MATCH (gm.content) AGAINST ('$keyword_query' IN BOOLEAN MODE)";			}			else				$keyword = '';		}		if(!empty($keyword))		{			$insert_sort = 'gk.cr_sort ASC';			$city_name = $_FANWE['current_city']['name'];			if(CURRENT_CITY_PY == CHINA_CITY_PY)			{				//全国不包含所有城市商品时				if($_FANWE['setting']['all_city'] == 0)				{					$where.=  " AND gk.city = '$city_name'";				}				else					$insert_sort = 'gk.r_sort ASC';			}			elseif(CURRENT_CITY_PY != '')			{				//城市显示全国商品时				if($_FANWE['setting']['index_all'] == 1)				{					$fields .= ",(gk.city = '$city_name') as is_now_city";					$insert_sort = 'is_now_city DESC,'.$insert_sort;					$quanguo_name = $_FANWE['cache']['city']['all'][CHINA_CITY_PY]['name'];					$where.=  " AND gk.city IN ('$city_name','$quanguo_name')";				}				else				{					$where.=  " AND gk.city = '$city_name'";				}			}			$order = '';			$sort = &$page_args['sort'];			$sort_array = array('spa'=>'g.shop_price ASC','spd'=>'g.shop_price DESC','eta'=>'gk.end_time ASC','etd'=>'gk.end_time DESC','cca'=>'g.click_count ASC','ccd'=>'g.click_count DESC','sa'=>'g.score ASC','sd'=>'g.score DESC','ba'=>'g.bought ASC','bd'=>'g.bought DESC','da'=>'discount ASC','dd'=>'discount DESC');			if(array_key_exists($sort,$sort_array))				$order = $sort_array[$sort];			else			{				unset($page_args['sort']);				$sort = '';			}			if(empty($order))				$order .= 'similarity DESC,'.$insert_sort.',gk.sort ASC,g.id ASC';			else				$order .= ',similarity DESC,'.$insert_sort.',gk.sort ASC,g.id DESC';			$goods_count = DB::resultFirst('SELECT COUNT(DISTINCT g.id)				FROM '.DB::table('goods_now_match').' AS gm				INNER JOIN '.DB::table('goods_now_key').' AS gk ON gk.id = gm.id				INNER JOIN '.DB::table('goods_now').' AS g ON g.id = gk.id '.$where);			$pager = buildPage('now/search',$page_args,$goods_count,$_FANWE['page'],24);			$res = DB::query('SELECT g.id,g.small_img,g.end_time,g.market_price,g.begin_time,g.shop_price,				gk.city,gk.site_id,g.is_best,g.bought,g.name,g.sort,g.site_name,g.collect_buy,g.click_count,				g.url,g.collect_count,g.add_time,(g.shop_price / g.market_price) AS discount,g.post_count'.$fields.'				FROM '.DB::table('goods_now_match').' AS gm				INNER JOIN '.DB::table('goods_now_key').' AS gk ON gk.id = gm.id				INNER JOIN '.DB::table('goods_now').' AS g ON g.id = gk.id '.$where.'				ORDER BY '.$order.' LIMIT '.$pager['limit']);			$goods_list = array();			while($goods = DB::fetch($res))			{				S('Goods')->goodsFormat($goods);				$goods_list[] = $goods;			}		}		include template('page/search_index');		display();	}


回复讨论(解决方案)

如果你的代码本身没有问题的话!只需直接加一个strip_tags函数!

public function search()	{		global $_FANWE;		$page_args = array(			'city_py' => CURRENT_CITY_PY,			'sort' => trim($_FANWE['request']['sort']),			'keyword' => strip_tags(trim($_FANWE['request']['keyword']),		));//加一个strip_tags这个就可以了		$keyword = '';		if(!empty($page_args['keyword']))		{			$page_args['keyword'] = urldecode($page_args['keyword']);			$keyword = &$page_args['keyword'];			$keyword_query = clearSymbol($page_args['keyword']);			if(!empty($keyword_query))			{				$search_txt = clearRepeat($keyword_query);				$keyword_query = segmentToUnicode($keyword_query,'+');                $fields = ",MATCH (gm.content) AGAINST ('$keyword_query') AS similarity ";				$where.=" WHERE MATCH (gm.content) AGAINST ('$keyword_query' IN BOOLEAN MODE)";			}			else				$keyword = '';		}		if(!empty($keyword))		{			$insert_sort = 'gk.cr_sort ASC';			$city_name = $_FANWE['current_city']['name'];			if(CURRENT_CITY_PY == CHINA_CITY_PY)			{				//全国不包含所有城市商品时				if($_FANWE['setting']['all_city'] == 0)				{					$where.=  " AND gk.city = '$city_name'";				}				else					$insert_sort = 'gk.r_sort ASC';			}			elseif(CURRENT_CITY_PY != '')			{				//城市显示全国商品时				if($_FANWE['setting']['index_all'] == 1)				{					$fields .= ",(gk.city = '$city_name') as is_now_city";					$insert_sort = 'is_now_city DESC,'.$insert_sort;					$quanguo_name = $_FANWE['cache']['city']['all'][CHINA_CITY_PY]['name'];					$where.=  " AND gk.city IN ('$city_name','$quanguo_name')";				}				else				{					$where.=  " AND gk.city = '$city_name'";				}			}			$order = '';			$sort = &$page_args['sort'];			$sort_array = array('spa'=>'g.shop_price ASC','spd'=>'g.shop_price DESC','eta'=>'gk.end_time ASC','etd'=>'gk.end_time DESC','cca'=>'g.click_count ASC','ccd'=>'g.click_count DESC','sa'=>'g.score ASC','sd'=>'g.score DESC','ba'=>'g.bought ASC','bd'=>'g.bought DESC','da'=>'discount ASC','dd'=>'discount DESC');			if(array_key_exists($sort,$sort_array))				$order = $sort_array[$sort];			else			{				unset($page_args['sort']);				$sort = '';			}			if(empty($order))				$order .= 'similarity DESC,'.$insert_sort.',gk.sort ASC,g.id ASC';			else				$order .= ',similarity DESC,'.$insert_sort.',gk.sort ASC,g.id DESC';			$goods_count = DB::resultFirst('SELECT COUNT(DISTINCT g.id)				FROM '.DB::table('goods_now_match').' AS gm				INNER JOIN '.DB::table('goods_now_key').' AS gk ON gk.id = gm.id				INNER JOIN '.DB::table('goods_now').' AS g ON g.id = gk.id '.$where);			$pager = buildPage('now/search',$page_args,$goods_count,$_FANWE['page'],24);			$res = DB::query('SELECT g.id,g.small_img,g.end_time,g.market_price,g.begin_time,g.shop_price,				gk.city,gk.site_id,g.is_best,g.bought,g.name,g.sort,g.site_name,g.collect_buy,g.click_count,				g.url,g.collect_count,g.add_time,(g.shop_price / g.market_price) AS discount,g.post_count'.$fields.'				FROM '.DB::table('goods_now_match').' AS gm				INNER JOIN '.DB::table('goods_now_key').' AS gk ON gk.id = gm.id				INNER JOIN '.DB::table('goods_now').' AS g ON g.id = gk.id '.$where.'				ORDER BY '.$order.' LIMIT '.$pager['limit']);			$goods_list = array();			while($goods = DB::fetch($res))			{				S('Goods')->goodsFormat($goods);				$goods_list[] = $goods;			}		}		include template('page/search_index');		display();	}

$string = preg_replace("']*?>'si", "", $string);  

声明:
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn