我会用mysql存储用tinymce保存的新闻路径, 但是从代码发布新闻保存在文件夹中而不是插入到DB中, 奇怪的是我没有从mysql得到任何错误。 这是我的代码,谢谢,抱歉形成我的坏英语:D
<?php
/*
Configuration file
for write_post.php
*/
include ('config_db.php');
$query = "INSERT into news (path,count) values ('$qry', '1')";
$qry = NULL;
$cat= $_POST['cat'] . "/";
$newsTitel = isset($_POST['title']) ? $_POST['title'] : 'Untitled';
$submitDate = date('Y-m-d g:i:s A');
$newsContent = isset($_POST['newstext']) ? $_POST['newstext'] : 'No content';
$qry = $cat.$_POST['title'].".txt";
//$filename = date('YmdHis');
$filename = $newsTitel;
$f = fopen($cat . $filename.".txt","w+");
fwrite($f,$newsTitel."\n");
fwrite($f,$submitDate."\n");
fwrite($f,$newsContent."\n");
fclose($f);
//$post = $cat . $filename . ".txt";
if($mysqli->query($query)){
echo "<br/>";
echo "News inserita con successo!";
}else{
echo "<br/>";
echo "Errore\n" . $mysqli->error;
}
echo "<br/>";
// Try to echo $variable to check if is correct, and is ok but don't go into db
echo $qry;
?>
答案 0 :(得分:1)
在准备$ qry之前,您正在准备变量$ query。请尝试以下方法:
但是,请注意,你没有使用sprintf()和mysql_real_escape_string()不使用mysqli变量替换,强烈建议避免数据库注入。
<?php
/*
Configuration file
for write_post.php
*/
include ('config_db.php');
$qry = NULL;
$cat= $_POST['cat'] . "/";
$newsTitel = isset($_POST['title']) ? $_POST['title'] : 'Untitled';
$submitDate = date('Y-m-d g:i:s A');
$newsContent = isset($_POST['newstext']) ? $_POST['newstext'] : 'No content';
$qry = $cat.$_POST['title'].".txt";
//$filename = date('YmdHis');
$filename = $newsTitel;
$f = fopen($cat . $filename.".txt","w+");
fwrite($f,$newsTitel."\n");
fwrite($f,$submitDate."\n");
fwrite($f,$newsContent."\n");
fclose($f);
//$post = $cat . $filename . ".txt";
// preparing query here
$query = "INSERT into news (path,count) values ('$qry', '1')";
if($mysqli->query($query)){
echo "<br/>";
echo "News inserita con successo!";
}else{
echo "<br/>";
echo "Errore\n" . $mysqli->error;
}
echo "<br/>";
// Try to echo $variable to check if is correct, and is ok but don't go into db
echo $qry;
?>