I've tried addslashes, mysql_escape_string, and mysql_开发者_如何转开发real-escape_string. None of them are working and I'm not sure what else to try
addslashes(), mysql_escape_string() and mysql_real_escape_string() only escapes quotes to prevent SQL-injection. Ex:
<?php
$string = 'He said, "Do not quote me!"';
mysql_real_escape($string);
// string becomes: 'He said, \"Do not quote me!\"'
I'm guessing your problem lies with the less than (<) and greater than symbols (>).
If you're trying select the rows, then display the HTML for rendering, then you'll be fine just echoing out the raw HTML (minus any XSS security issue). But if you're trying to display the HTML in a input box in form, then you need to replace the literal < and > symbols with their entity equivalents (< and >).
精彩评论