mysql_real_escape_string（htmlspecialchars）函数在编辑值时不起作用

Question

我在我的网站中使用意大利语作为主要语言，所以当我编辑详细信息时，某些语言字符会自动转换为特殊字符。有谁知道如何解决这个问题......！

这里是我用来编辑数据库的价值和转换specialChars中

$title7  = mysql_real_escape_string(htmlspecialchars($_POST['title7'])); 
$description7 = mysql_real_escape_string(htmlspecialchars($_POST['description7'])); 

这里是我用来编辑数据库值

// connect to the database 
include('db.php'); 

if (isset($_POST['submit'])) 
{ 
// confirm that the 'id' value is a valid integer before getting the form data 
if (is_numeric($_POST['id'])) 
{ 
// get form data, making sure it is valid 
$id = $_POST['id']; 
$language  = mysql_real_escape_string($_POST['txtLanguage']); 
$pkg_name  = mysql_real_escape_string($_POST['pkg_name']); 
$category  = mysql_real_escape_string($_POST['category']); 
$title   = mysql_real_escape_string($_POST['title']); 
$description1 = mysql_real_escape_string($_POST['description1']); 
$title2   = mysql_real_escape_string($_POST['title2']); 
$description2 = mysql_real_escape_string($_POST['description2']); 

if ($pkg_name == '' || $category == '') 
{ 
// generate error message 
$error = 'ERROR: Please fill in Package name field!'; 

//error, display form 
renderForm($id,$language,$pkg_name,$category,$title,$description1,$title2,$description2); 
} 
else 
{ 

// save the data to the database 
mysql_query("UPDATE saved_packages SET 
language  ='$language', 
pkg_name  ='$pkg_name', 
category  ='$category', 
title   ='$title', 
description1 ='$description1', 
title2   ='$title2', 
description2 ='$description2', 
WHERE id='$id'"); 

// once saved, redirect back to the view page 
header("Location: adm_view_package.php"); 
} 
} 
else 
{ 
// if the 'id' isn't valid, display an error 
echo 'Error!'; 
} 

的完整代码的代码，这里是结果

Answer 1

将数据保存到数据库时不要使用htmlspecialchars。

您应该只做：

$title7  = mysql_real_escape_string($_POST['title7']); 
$description7 = mysql_real_escape_string($_POST['description7']); 

当呈现数据从数据库中获取，使用它：

echo htmlspecialchars($title7); 
echo htmlspecialchars($description7);