我正在制作一些涉及用户放置状态的内容,但每当用户使用撇号或双引号输入状态时,就会出错。
有人可以帮忙吗?谢谢! p.s“你的帖子没有太多的上下文来解释代码部分;请更清楚地解释你的场景。”
my get-posts.php
<?php
require('database/connect.php');
$result = mysql_query("SELECT * FROM posts ORDER BY date DESC");
while($row = mysql_fetch_array($result)) {
$email = $row['email'];
// To find username
$username = mysql_query("SELECT name FROM users WHERE email = '$email'");
$name = mysql_fetch_assoc($username);
// To make the date look prettier
$id = $row['id'];
$date_get = mysql_query("SELECT date FROM posts WHERE id='$id'");
$time = mysql_fetch_assoc($date_get);
$mysqldate = $time['date'];
$phpdate = strtotime( $mysqldate );
$DayMonthDay = date('l, F j', $phpdate);
$HourMinutePMAM = date('g:ia', $phpdate);
$date = $DayMonthDay." at ".$HourMinutePMAM;
echo "<div class='home-echoed-posts'>";
echo "<a href='#' class='home-echoed-posts-name'>".$name['name']."</a> ";
echo "<div class='home-echoed-posts-post'>".nl2br(stripslashes($row['post']))."</div>";
echo "<div class='home-echoed-posts-date'>".$date."</div>";
echo "</div>";
}
?>
和post.php:
<?php
session_start();
require('database/connect.php');
if(empty($_POST['post'])){
header('Location: home.php');
}
$post = $_POST['post'];
$useremail = $_SESSION['email'];
$result = mysql_query("INSERT INTO posts (post, email) VALUE ('$post', '$useremail')");
if($result==1) {
header('Location: home.php');
}else{
die('We have experienced some technical problems, please try again');
}
?>
答案 0 :(得分:1)
也许你需要逃避用户的输入?
在PHP中有addslashes ($user_status)
参考是: http://php.net/manual/en/function.addslashes.php
如果您使用的是DBMS,请确保在将状态保存到数据库之前使用DBMS特定的转义: