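PHP variables passed incorrectly to MySQL

Time: 2009-06-30 07:54:47

Tags: php mysql variables

I asked this question before, but not very well! Basically I have an edit page for a CMS, and somewhere along the line (from the element onwards) the fields are displaying in the box next to the one they should be in. Any ideas why?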

<?php

if(isset($_GET['id']))
{
   $query  = "SELECT * ".
             "FROM studies ".
             "WHERE id = '".$_GET['id']."'";

   $result = mysql_query($query) or die('Error : ' . mysql_error());
      list($id, $pagetitle, $title, $date, $copy, $outputs, $strategies, $client, $niche, $media, $thumbmedia, $newfieldtitle, $newfieldcontent) = mysql_fetch_array($result, MYSQL_NUM);



}

if(isset($_POST['update1']))
{
   $id = $_POST['id'];
   $pagetitle = $_POST['pagetitle'];
   $title = $_POST['title'];
   $date = $_POST['date'];
   $copy = $_POST['copy'];
   $outputs = $_POST['outputs'];
   $strategies = $_POST['strategies'];
   $client = $_POST['client'];
   $niche = $_POST['niche'];
   $media = $_POST['media'];
   $thumbmedia = $_POST['thumbmedia'];
   $newfieldtitle = $_POST['newfieldtitle'];
   $newfieldcontent = $_POST['newfieldcontent'];

   if(!get_magic_quotes_gpc())
   {
      $pagetitle = addslashes($pagetitle);
      $title = addslashes($title);
      $date = addslashes($date);
      $copy = addslashes($copy);
      $outputs = addslashes($outputs);
      $strategies = addslashes($strategies);
      $client = addslashes($client);
      $niche = addslashes($niche);
      $media = addslashes($media);
      $thumbmedia = addslashes($thumbmedia);
      $newfieldtitle = addslashes($newfieldtitle);
      $newfieldcontent = addslashes($newfieldcontent);

   }

   // update the article in the database
   $query = "UPDATE studies
            SET pagetitle = '$pagetitle', title = '$title', date = '$date', copy = '$copy', outputs = '$outputs', strategies = '$strategies', client = '$client', niche = '$niche', media = '$media', thumbmedia = '$thumbmedia', newfieldtitle = '$newfieldtitle', newfieldcontent = '$newfieldcontent' ".
        "WHERE id = '$id'";
   mysql_query($query) or die('Error : ' . mysql_error());

   // then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';

   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';

   @unlink($cacheFile);

   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');

   echo "<b>Article '$title' updated</b>";

   // now we will display $title & content
   // so strip out any slashes
      $pagetitle   = stripslashes($pagetitle);
      $title   = stripslashes($title);
      $date   = stripslashes($date);
      $copy = stripslashes($copy);
      $outputs = stripslashes($outputs);
      $strategies = stripslashes($strategies);
      $client = stripslashes($client);
      $niche = stripslashes($niche);
      $media = stripslashes($media);
      $thumbmedia = stripslashes($thumbmedia);
      $newfieldtitle = stripslashes($newfieldtitle);
      $newfieldcontent = stripslashes($newfieldcontent);

}


?>


<div class="container">
<form method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>">

<p class="subheadsmall">Browser Title</p>
<textarea cols="40" rows="1" class="box" name="pagetitle" id="editbox"><?php echo $pagetitle; ?></textarea>


<p class="subheadsmall">Story Title</p>
<textarea cols="40" rows="1" class="box" name="title" id="editbox"><?php echo $title; ?></textarea>

<p class="subheadsmall">Date</p>
<textarea cols="40" rows="1" class="box" name="date" id="editbox"><?php echo $date; ?></textarea>

<p class="subheadsmall">Story</p>
<textarea cols="80" rows="10" class="box" name="copy" id="editbox"><?php echo $copy; ?></textarea>

<p class="subheadsmall">Outputs</p>
<textarea cols="80" rows="10" class="box" name="outputs" id="editbox"><?php echo $outputs; ?></textarea>

<p class="subheadsmall">Strategies</p>

<p class="subheadsmall">Client</p>
<select name="client">
    <option value="empty">Select a Client...</option>
 <?php
            $result2 = mysql_query("SELECT name FROM clients");
                if (!$result2) {
                    die("Database query failed: " . mysql_error());
                }


while($row = mysql_fetch_array($result2)) {
    $clientlist = $row['name'];
    $clientname = htmlspecialchars($row['name']);

    if ($_POST['client'] == $clientlist)
    { 

    echo '<option value="' . $clientlist . '" selected="selected" >' . $clientname . '</option>' . '\n';
    }
    else{
    echo '<option value="' . $clientlist . '" >' . $clientname . '</option>' . '\n';
}
}


?>
</select>

<p class="subheadsmall">Core Classification</p>

<?php

switch ($niche) {
    case "brand":
        echo '<input type="radio" name="niche" value="brand" checked="checked" />Brand';
        echo '<input type="radio" name="niche" value="marketing" />Marketing';
        echo '<input type="radio" name="niche" value="communication" />Communication';
        break;
    case "marketing":
        echo '<input type="radio" name="niche" value="brand" />Brand';
        echo '<input type="radio" name="niche" value="marketing" checked="checked" />Marketing';
        echo '<input type="radio" name="niche" value="communication" />Communication';
        break;
    case "communication":
        echo '<input type="radio" name="niche" value="brand" />Brand';
        echo '<input type="radio" name="niche" value="marketing" />Marketing';
        echo '<input type="radio" name="niche" value="communication" checked="checked" />Communication';
        break;
    default;
        echo '<input type="radio" name="niche" value="brand" />Brand';
        echo '<input type="radio" name="niche" value="marketing" />Marketing';
        echo '<input type="radio" name="niche" value="communication" />Communication';
    break;
}

?>

<p class="subheadsmall">Add New Strategy</p>
<textarea cols="40" rows="1" class="box" name="strategies" id="editbox"><?php echo $strategies; ?></textarea>

<p class="subheadsmall">Media</p>
<textarea cols="80" rows="10" class="box" name="media" id="editbox"><?php echo $media; ?></textarea>

<p class="subheadsmall">Thumbnail image</p>
<textarea cols="80" rows="3" class="box" name="thumbmedia" id="editbox"><?php echo $thumbmedia; ?></textarea>

<p class="subheadsmall">Additional Field</p>

<p class="subheadsmall">Additional Field Title</p>
<textarea cols="40" rows="1" class="box" name="newfieldtitle" id="editbox"><?php echo $newfieldtitle; ?></textarea>
<p class="subheadsmall">Additional Field Content</p>
<textarea cols="40" rows="3" class="box" name="newfieldcontent" id="editbox"><?php echo $newfieldcontent; ?></textarea>



<input name="update1" type="submit" class="box" id="editbutton" value="Update Article">

</form>

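3 answers:

Answer 0 (score: 3)

A side note on security:

Please, for the sake of the internet and all its users, do not use mysql_query. Use PDO http://php.net/pdo. It automatically escapes variables, so you don't have SQL vulnerabilities.

If you must use mysql_query (for legacy code), make sure you run every variable through http://php.net/mysql_real_escape_string before using it in the query string.

Answer 1 (score: 2)

I think you are simply assigning the wrong content to the wrong variables, which would be happening here: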

list($id, $pagetitle, $title, ...) = mysql_fetch_array($result, MYSQL_NUM);

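You are relying on the order of the database fields in your code. That is not very reliable and hard to maintain.

Why copy them out of the array into separate variables in the first place? Just leave them where they are until you need them: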

<?php $row = mysql_fetch_assoc($result); ?>
...
<textarea name="date"><?php echo $row['date']; ?></textarea>
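
Added example, not part of the question or of any answer: Answer 0's PDO advice and Answer 1's name-keyed rows combined, with output escaping for the textarea values. It assumes the pdo_sqlite extension and a constructed stand-in for the studies table; loadStudy, updateStudy, h and EDITABLE are hypothetical names.

```php
<?php
// Added example. Constructed in-memory table standing in for `studies`;
// for MySQL, swap the DSN for 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE studies (id INTEGER PRIMARY KEY, pagetitle TEXT, title TEXT, niche TEXT)');
$pdo->exec("INSERT INTO studies VALUES (1, 'Old page title', 'Old title', 'brand')");

// Columns the form may change: fixed in code, never taken from the request.
const EDITABLE = ['pagetitle', 'title', 'niche'];

function loadStudy(PDO $pdo, $id): ?array
{
    // The id is a bound parameter, so it is handled as data, not as SQL text.
    $stmt = $pdo->prepare('SELECT id, pagetitle, title, niche FROM studies WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // keyed by column name, not by position
    return $row === false ? null : $row;
}

function updateStudy(PDO $pdo, $id, array $post): int
{
    $set = [];
    $params = [':id' => $id];
    foreach (EDITABLE as $col) {
        $set[] = "$col = :$col";
        // Non-string input (e.g. title[]=x) is stored as an empty string.
        $params[":$col"] = is_string($post[$col] ?? null) ? $post[$col] : '';
    }
    $stmt = $pdo->prepare('UPDATE studies SET ' . implode(', ', $set) . ' WHERE id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Escape at output time so stored markup cannot close the <textarea> early.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed form input containing a quote and a closing tag.
$post = ['pagetitle' => "O'Reilly case study", 'title' => '</textarea><b>x</b>', 'niche' => 'marketing'];
updateStudy($pdo, '1', $post);
$row = loadStudy($pdo, '1');
foreach (EDITABLE as $col) {
    echo '<textarea name="' . $col . '">' . h($row[$col]) . "</textarea>\n";
}
// The id value quoted in Answer 2 is bound like any other string.
var_dump(loadStudy($pdo, 'SELECT * FROM users'));
```

Because each row is read by column name, adding or reordering columns in the table no longer shifts values into the wrong form field.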

Answer 2 (score: 0)

  • Remove the addslashes and magic quotes crap and replace it with mysql_real_escape_string()
  • You use "SELECT * FROM STUDY WHERE id = '".$_GET['id']."'";
    • What if I made the following request: domain.tld/page.ext?id=SELECT * FROM users

I have rewritten some of the problems I saw.

<?php

if(isset($_GET['id']))
{
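   // quote the value: mysql_real_escape_string() only protects data inside a quoted string literal
   $query  = "SELECT * FROM studies WHERE id = '" . mysql_real_escape_string($_GET['id']) . "'";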
   $result = mysql_query($query) or die('Error : ' . mysql_error());
      list($id, $pagetitle, $title, $date, $copy, $outputs, $strategies, $client, $niche, $media, $thumbmedia, $newfieldtitle, $newfieldcontent) = mysql_fetch_array($result, MYSQL_NUM);
}

if(isset($_POST['update1']))
{
   $id = $_POST['id'];
   $pagetitle = $_POST['pagetitle'];
   $title = $_POST['title'];
   $date = $_POST['date'];
   $copy = $_POST['copy'];
   $outputs = $_POST['outputs'];
   $strategies = $_POST['strategies'];
   $client = $_POST['client'];
   $niche = $_POST['niche'];
   $media = $_POST['media'];
   $thumbmedia = $_POST['thumbmedia'];
   $newfieldtitle = $_POST['newfieldtitle'];
   $newfieldcontent = $_POST['newfieldcontent'];

   // update the article in the database
   $query = "UPDATE studies
            SET pagetitle = '" . mysql_real_escape_string($pagetitle) . "', title = '" . mysql_real_escape_string($title) . "', date = '" . mysql_real_escape_string($date) . "', copy = '" . mysql_real_escape_string($copy) . "', outputs = '" . mysql_real_escape_string($outputs) . "', strategies = '" . mysql_real_escape_string($strategies) . "', client = '" . mysql_real_escape_string($client) . "', niche = '" . mysql_real_escape_string($niche) . "', media = '" . mysql_real_escape_string($media) . "', thumbmedia = '" . mysql_real_escape_string($thumbmedia) . "', newfieldtitle = '" . mysql_real_escape_string($newfieldtitle) . "', newfieldcontent = '" . mysql_real_escape_string($newfieldcontent) . "' ".
        "WHERE id = '" . mysql_real_escape_string($id) . "'";
   mysql_query($query) or die('Error : ' . mysql_error());

   // then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';

   // basename() keeps the id from pointing outside the cache directory
   $cacheFile = $cacheDir . '_' . basename($_GET['id']) . '.html';

   @unlink($cacheFile);

   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');

   echo "<b>Article '$title' updated</b>";

}


?>


<div class="container">
<form method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>">

<p class="subheadsmall">Browser Title</p>
<textarea cols="40" rows="1" class="box" name="pagetitle" id="editbox"><?php echo $pagetitle; ?></textarea>


<p class="subheadsmall">Story Title</p>
<textarea cols="40" rows="1" class="box" name="title" id="editbox"><?php echo $title; ?></textarea>

<p class="subheadsmall">Date</p>
<textarea cols="40" rows="1" class="box" name="date" id="editbox"><?php echo $date; ?></textarea>

<p class="subheadsmall">Story</p>
<textarea cols="80" rows="10" class="box" name="copy" id="editbox"><?php echo $copy; ?></textarea>

<p class="subheadsmall">Outputs</p>
<textarea cols="80" rows="10" class="box" name="outputs" id="editbox"><?php echo $outputs; ?></textarea>

<p class="subheadsmall">Strategies</p>

<p class="subheadsmall">Client</p>
<select name="client">
    <option value="empty">Select a Client...</option>
 <?php
                $result2 = mysql_query("SELECT name FROM clients") or die("Database query failed: " . mysql_error());    

while($row = mysql_fetch_assoc($result2)) {
    $clientlist = $row['name'];
    $clientname = htmlspecialchars($row['name']);

    if ($_POST['client'] == $clientlist)
    { 

    // the value attribute is HTML-escaped; "\n" needs double quotes to be a newline
    echo '<option value="' . $clientname . '" selected="selected" >' . $clientname . '</option>' . "\n";
    }
    else{
    echo '<option value="' . $clientname . '" >' . $clientname . '</option>' . "\n";
}
}


?>
</select>

<p class="subheadsmall">Core Classification</p>

<?php

switch ($niche) {
    case "brand":
        echo '<input type="radio" name="niche" value="brand" checked="checked" />Brand';
        echo '<input type="radio" name="niche" value="marketing" />Marketing';
        echo '<input type="radio" name="niche" value="communication" />Communication';
        break;
    case "marketing":
        echo '<input type="radio" name="niche" value="brand" />Brand';
        echo '<input type="radio" name="niche" value="marketing" checked="checked" />Marketing';
        echo '<input type="radio" name="niche" value="communication" />Communication';
        break;
    case "communication":
        echo '<input type="radio" name="niche" value="brand" />Brand';
        echo '<input type="radio" name="niche" value="marketing" />Marketing';
        echo '<input type="radio" name="niche" value="communication" checked="checked" />Communication';
        break;
    default;
        echo '<input type="radio" name="niche" value="brand" />Brand';
        echo '<input type="radio" name="niche" value="marketing" />Marketing';
        echo '<input type="radio" name="niche" value="communication" />Communication';
    break;
}

?>

<p class="subheadsmall">Add New Strategy</p>
<textarea cols="40" rows="1" class="box" name="strategies" id="editbox"><?php echo $strategies; ?></textarea>

<p class="subheadsmall">Media</p>
<textarea cols="80" rows="10" class="box" name="media" id="editbox"><?php echo $media; ?></textarea>

<p class="subheadsmall">Thumbnail image</p>
<textarea cols="80" rows="3" class="box" name="thumbmedia" id="editbox"><?php echo $thumbmedia; ?></textarea>

<p class="subheadsmall">Additional Field</p>

<p class="subheadsmall">Additional Field Title</p>
<textarea cols="40" rows="1" class="box" name="newfieldtitle" id="editbox"><?php echo $newfieldtitle; ?></textarea>
<p class="subheadsmall">Additional Field Content</p>
<textarea cols="40" rows="3" class="box" name="newfieldcontent" id="editbox"><?php echo $newfieldcontent; ?></textarea>



<input name="update1" type="submit" class="box" id="editbutton" value="Update Article">

</form>

Edit: I made a few changes to your code; I think your problem stems from this line:

while($row = mysql_fetch_array($result2)) {

I think you are looking for the mysql_fetch_assoc() array.