我一直致力于小型网站管理员,但遇到了一个奇怪的问题。我能够从数据库中提取内容,但似乎无法更新并将其插入数据库。如果有人能查看此代码并了解内容无法更新的原因,我将不胜感激。这是页面代码。我一定错过了什么。
<?php include("../inc/approve-admin.php"); ?>
<?php include("../inc/connect.php"); ?>
<?php
$result = mysql_query("SELECT * FROM inventory ORDER BY id");
?>
<? while ($row = mysql_fetch_assoc($result)) {
$id = $row['id'];
$information = $row['information'];
$link = $row['link'];
$title = $row['title'];
}
?>
<!DOCTYPE HTML>
<?php
$description = "Fashion Franchise";
$keywords = "Fashion Franchise";
$body = "home";
require ("../inc/header.php");
?>
<script src="../js/jquery.validate.js" type="text/javascript"></script>
<!-- for styling the form -->
<script src="../js/cmxforms.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
$("#addResource").validate();
});
</script>
<script type="text/javascript" src="../js/tiny_mce/tiny_mce.js" ></script>
<script type="text/javascript">
tinyMCE.init({
mode : "textareas"
});
</script>
<body id="<?php echo htmlentities("$body") ?>">
<div class="container_12">
<!-- Nav -->
<?php include("../inc/nav-admin.php"); ?>
<!-- / Nav -->
<div class="grid_12"> </div>
<div class="grid_12"> </div>
<!-- Adimn List -->
<?php include("../inc/admin-list.php"); ?>
<!-- / Adimn List -->
<div class="grid_7" id="white" style="min-height:400px;">
<p style="text-align:center;padding-top:20px;">
<?
if(isset($_POST['title'])) {
$information = $_POST['information'];
$link = $_POST['link'];
$title = $_POST['title'];
$query = mysql_query("UPDATE inventory SET
title = '$title',
information = '$information',
link = '$link'
WHERE id = $id LIMIT 1 ;");
if($query) {
$message = $title . " has been updated";
}else{
$message = "an error occurred while updating this entry";
}
}
?>
</p>
<? if(isset($_POST['title'])) { ?>
<div id="content_holder">
<p style="text-align:center;padding-top:20px;">
<strong><? echo $message; ?></strong><br/>
<span class="error"><? if($error_message) { echo $error_message; } ?></span>
Select a category on the left to continue editing</p>
<!-- end content_holder -->
</div>
<? }else{ ?>
<form action="inventory.php?id=<?=$id?>" enctype="multipart/form-data" name="addResource" id="addResource" method="post" class="cmxform">
<table cellpadding="10px;" cellspacing="5" width="100%" align="left" valign="top">
<tr><td colspan="2"><h1>Edit Inventory Resources</h1></td></tr>
<tr>
<td width="50%">
<span class="formTitle">General Information</span><br/>
<label>*Title</label><br/>
<input id="title" name="title" class="required" value="<?=$title?>"/>
</td>
<td width="50%"><br/>
<label>*Dropbox Link</label><br/>
<input id="link" name="link" class="required" value="<?=$link?>"/>
</td>
</tr>
<tr>
<td colspan="2">
<hr/>
</td>
</tr>
<tr><td colspan="2">
<textarea style="width: 510px; height: 400px; font-size: 12px;" id="information" name="information"><?=$information?></textarea>
</td></tr>
<tr>
<td colspan="2">
<hr/>
</td>
</tr>
<tr align="right"><td colspan="2">
<input type="submit" value="Update Inventory Resources" class="submit" /> <a href="index.php" class="cancel">Cancel</a><br/><br/>
</td></tr>
</form>
</table>
</div>
<?php include("../inc/footer.php"); ?>
<!-- / Container_12 -->
</div>
</body>
</html>
<?php
mysql_close();
?>
<? } ?>
答案 0 :(得分:1)
问题是文字中的引号:
自16世纪以来,这是一个标准的虚拟文本,当时是一台未知的打印机 拿了一个加勒
最快的解决方案是在插入表格之前逃避一切:
$information_to_insert = mysql_real_escape_string($_POST['information']);
$link_to_insert = mysql_real_escape_string($_POST['link']);
$title_to_insert = mysql_real_escape_string($_POST['title']);
$id = (int)$id; // Cast this as an integer to also make it safe
$query = mysql_query("UPDATE inventory SET
title = '$title_to_insert',
information = '$information_to_insert',
link = '$link_to_insert'
WHERE id = $id LIMIT 1 ;");
然后,在您显示的位置之后,您还需要安全显示:
$information_to_display = htmlentities($_POST['information']);
$link_to_display = htmlentities($_POST['link']);
$title_to_display = htmlentities($_POST['title']);
但是 - 请参阅评论中建议的PDO准备好的陈述。在您被迫在几年内更改所有代码之前,请立即开始。