我被要求创建在线注册表。我差点儿完成但是出现了一些问题。要注册活动,我创建了一个新页面,他们可以在其中查看活动的详细信息。但是,当文本写入文件大约一半时,它开始将输入写为文本而不是html / php代码。任何帮助将不胜感激。
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<?php
$sitename = $_POST[eName];
$title = $_POST[eName];
$sDate = $_POST[sDate];
$enDate = $_POST[enDate];
$exDate = $_POST[exDate];
$desc = $_POST[desc];
$pName = $_POST[eName];
$con=mysqli_connect("localhost","emuas","flgdls","EMUAS_signUp");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO TEST (EventName, StartDate, EndDate, ExpiryDate, PageName, Description)
VALUES
('$_POST[eName]','$_POST[sDate]','$_POST[enDate]','$_POST[exDate]','$_POST[eName]','$_POST[desc]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
$eventID = mysqli_insert_id($con);
$fileStart='<html>
<head>
<title>';
$fileStTable=' </title>
</head>
<body>
<table>
<tr align="left">
<th> ';
$fileSDate=' </th>
</tr>
<tr align="left">
<th> Start Date: </br>';
$fileEnDate='</th>
<th> End Date: </br>';
$fileExDate='</th>
<th> Expiry Date: </br>';
$fileDesc='</th>
</tr>
</table>
<table id =createSheet>
<tr align="left">
<th> Description: </br>';
$fileEnTable='</th>
</tr>
</table>
';
$fileStPHP='
<?php
$con=mysqli_connect("localhost","emuas","flgdls","EMUAS_signUp");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sign = mysqli_query($con,"SELECT * FROM SIGN_UP_TEST ORDER BY User");
echo "<table>
<tr>
<th>Name</th>
<th>Status</th>
<th>Comments</th>
</tr>"; //Error Starts here. The "; are written as text and so is everything afterwards, until $fileStForm
while($row = mysqli_fetch_array($sign))
{
while($row["EventID"]=';
$fileEnPHP='echo "<tr>";
echo "<td>" . $row["User"] . "</td>";
echo "<td>" . $row["Comments"] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>';
$fileStForm='
<form action="sign_user.php" method="post">
<input type="hidden" name="id" value="';
$fileEnForm='" />
<table>
<tr>
<td> Name: <br /> <input type="text" name="user" /> </td>
</tr>
<tr>
<td> Comments: <br /> <input type="text" name="comments" /> <input type="submit" value="Sign Up"/> </td>
</tr>
</table>
</form>';
$fileEnd=' </body>
</html>';
$fp = fopen("sign_up_sheets/$sitename.html", "w");
fputs($fp, $fileStart);
fputs($fp, $title);
fputs($fp, $fileStTable);
fputs($fp, $sitename);
fputs($fp, $fileSDate);
fputs($fp, $sDate);
fputs($fp, $fileEnDate);
fputs($fp, $enDate);
fputs($fp, $fileExDate);
fputs($fp, $exDate);
fputs($fp, $fileDesc);
fputs($fp, $desc);
fputs($fp, $fileEnTable);
fputs($fp, $fileStPHP);
fputs($fp, $eventID);
fputs($fp, $fileEnPHP);
fputs($fp, $fileStForm);
fputs($fp, $eventID);
fputs($fp, $fileEnForm);
fputs($fp, $fileEnd);
fclose($fp);
mysqli_close($con);
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Your sheet has been created')
window.location.href='sign_up.php';
</SCRIPT>");
?>
</body>
</html>
答案 0 :(得分:0)
当然,正如戴文所写,你的MySQL并不正确(SQL注入)。我发现了一些其他问题。
您正在创建php脚本,但将其保存为html文件$fp = fopen("sign_up_sheets/$sitename.html", "w");(为什么?)您应该使用php,因为您的服务器没有将html扩展名解析为php脚本。这是正确的$fp = fopen("sign_up_sheets/$sitename.php", "w");(在我看来)
你的while循环中有一些错误。请查看您的$fileStPHP变量。
你有while循环但只有外循环是正确的。也许你想要在那里声明? while($row["EventID"]='; //inner loop ? But this hasn't got any logical explanation在我看来,这段代码应该与此类似:
while ($row = mysqli_fetch_array($sign)){
if($row["EventID"]==';
$fileEnPHP=') {
echo "<tr>";
echo "<td>" . $row["User"] . "</td>";
echo "<td>" . $row["Comments"] . "</td>";
echo "</tr>";
}
}