PHP PDO仅在源中显示从数据库查询代码
问题描述:
I'm using PDO to query some data from my database but I have a section with raw php code that doesn't show up, only in the source as if it's trying to run.
I have the slashes stripped and I have it echoed under pre/code tags so I'm wondering as to why it won't show on the page.
Database
id name(VARCHAR) code (LONGTEXT)
1 test <?php echo /'hello world/'; ?>
PHP File
<?php
try {
$db = new PDO('mysql:host=localhost;dbname=$dbname;charset=utf8', '$username', '$password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$stmt = $db->prepare('SELECT name, codeOne FROM table_one WHERE id = :id');
$stmt->bindParam(':id', '1');
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
echo $row['name'] . '<pre><code>'. stripslashes($row['codeOne']) .'</code></pre>';
}
} catch(PDOException $e) {
return $e->getMessage();
};
?>
What Everyone Sees
test
View Source
test<pre><code><?php echo "Hello";?></code></pre>
答
Well just use htmlspecialchars() to encode your string, e.g.
echo htmlspecialchars('<?php echo "Hello";?>');
What you see:
<?php echo "Hello";?>
Source code:
<?php echo "Hello";?>
OR if you want to be really fancy you could use: highlight_string(), which also gives some nice color to your string:
echo highlight_string('<?php echo "Hello";?>', TRUE);