mysql_real_escape_string \\\ syntax

Time: 2013-07-24 09:49:30

Tags: php mysql regex

I read online that turning off magic quotes is the easy answer to the many escape characters being added to the database, such as:

Email: href =“\”\“\\”\\\\“\\\\\\\\”\\\\\\\\\\\\\\\“\\\\

So I used .htaccess to turn off magic quotes: php_flag magic_quotes_gpc Off

The problem is that it completely breaks my page: divs get merged and things fall apart.

I know this has been asked a lot on this forum, but I can't get the syntax right. This is what I use in save.php:

<?php
    include("db.php");

    $content1 = $_POST['content1']; //get posted data
    $content1 = mysql_real_escape_string($content1); //escape string

    $content2 = $_POST['content2']; //get posted data
    $content2 = mysql_real_escape_string($content2); //escape string

    $content3 = $_POST['content3']; //get posted data
    $content3 = mysql_real_escape_string($content3); //escape string

    $content4 = $_POST['content4']; //get posted data
    $content4 = mysql_real_escape_string($content4); //escape string

    $content5 = $_POST['content5']; //get posted data
    $content5 = mysql_real_escape_string($content5); //escape string

    $content6 = $_POST['content6']; //get posted data
    $content6 = mysql_real_escape_string($content6); //escape string

    $content7 = $_POST['content7']; //get posted data
    $content7 = mysql_real_escape_string($content7); //escape string

    $content8 = $_POST['content8']; //get posted data
    $content8 = mysql_real_escape_string($content8); //escape string

    $content9 = $_POST['content9']; //get posted data
    $content9 = mysql_real_escape_string($content9); //escape string

    $content10 = $_POST['content10']; //get posted data
    $content10 = mysql_real_escape_string($content10); //escape string

    $content11 = $_POST['content11']; //get posted data
    $content11 = mysql_real_escape_string($content11); //escape string

    $content12 = $_POST['content12']; //get posted data
    $content12 = mysql_real_escape_string($content12); //escape string

    $content13 = $_POST['content13']; //get posted data
    $content13 = mysql_real_escape_string($content13); //escape string

    $content14 = $_POST['content14']; //get posted data
    $content14 = mysql_real_escape_string($content14); //escape string

    $content15 = $_POST['content15']; //get posted data
    $content15 = mysql_real_escape_string($content15); //escape string

    $content16 = $_POST['content16']; //get posted data
    $content16 = mysql_real_escape_string($content16); //escape string

    $content17 = $_POST['content17']; //get posted data
    $content17 = mysql_real_escape_string($content17); //escape string

    $content18 = $_POST['content18']; //get posted data
    $content18 = mysql_real_escape_string($content18); //escape string

    $content19 = $_POST['content19']; //get posted data
    $content19 = mysql_real_escape_string($content19); //escape string

    $content20 = $_POST['content20']; //get posted data
    $content20 = mysql_real_escape_string($content20); //escape string

    $content21 = $_POST['content21']; //get posted data
    $content21 = mysql_real_escape_string($content21); //escape string

    $sql = "UPDATE content SET text = LTRIM('$content1' WHERE element_id = '1') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content2' WHERE element_id = '2') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content3' WHERE element_id = '3') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content4' WHERE element_id = '4') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content5' WHERE element_id = '5') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content6' WHERE element_id = '6') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content7' WHERE element_id = '7') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content8' WHERE element_id = '8') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content9' WHERE element_id = '9') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content10' WHERE element_id = '10') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content11' WHERE element_id = '11') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content12' WHERE element_id = '12') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content13' WHERE element_id = '13') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content14' WHERE element_id = '14') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content15' WHERE element_id = '15') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content16' WHERE element_id = '16') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content17' WHERE element_id = '17') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content18' WHERE element_id = '18') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content19' WHERE element_id = '19') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content20' WHERE element_id = '20') ";
    mysql_query($sql);
    $sql = "UPDATE content SET text = LTRIM('$content21' WHERE element_id = '21') ";
    mysql_query($sql);

------ UPDATE ----
OK, so I've removed the lengthy code above, and this is what I'm left with in save.php:

<?php
    include("db.php");

    for ($i = 1; $i < 21; $i++) {
        $content = $_POST['content' . $i]; //get posted data
        $content = mysql_real_escape_string($content); //escape string
        $sql = "UPDATE content SET text = LTRIM('$content' WHERE element_id = $i)";
        mysql_query($sql);
    }

    if (mysql_query($sql))
    {
        echo 1;
    }

?>

However... it no longer saves. Can anyone see the syntax error?

----- NEW UPDATE -----

Does my ajax save.js need to be updated as well? Is that why I get an error saving to the DB after I changed save.php to use the "for" loop? See the save.js code below:

$("#save").click(function (e) {
    var content1 = $('.editable1').html();
    var content2 = $('.editable2').html();
    var content3 = $('.editable3').html();
    var content4 = $('.editable4').html();
    var content5 = $('.editable5').html();
    var content6 = $('.editable6').html();
    var content7 = $('.editable7').html();
    var content8 = $('.editable8').html();
    var content9 = $('.editable9').html();
    var content10 = $('.editable10').html();
    var content11 = $('.editable11').html();
    var content12 = $('.editable12').html();
    var content13 = $('.editable13').html();
    var content14 = $('.editable14').html();
    var content15 = $('.editable15').html();
    var content16 = $('.editable16').html();
    var content17 = $('.editable17').html();
    var content18 = $('.editable18').html();
    var content19 = $('.editable19').html();
    var content20 = $('.editable20').html();
    var content21 = $('.editable21').html();

    $.ajax({
        url: 'save.php',
        type: 'POST',
        data: {
            content1: content1,
            content2: content2,
            content3: content3,
            content4: content4,
            content5: content5,
            content6: content6,
            content7: content7,
            content8: content8,
            content9: content9,
            content10: content10,
            content11: content11,
            content12: content12,
            content13: content13,
            content14: content14,
            content15: content15,
            content16: content16,
            content17: content17,
            content18: content18,
            content19: content19,
            content20: content20,
            content21: content21
        },
        success: function (data) {
            if (data == '1')
            {
                $("#status")
                    .addClass("success")
                    .html("Data saved successfully")
                    .fadeIn('fast')
                    .delay(3000)
                    .fadeOut('slow');
            }
            else
            {
                $("#status")
                    .addClass("error")
                    .html("An error occurred, the data could not be saved")
                    .fadeIn('fast')
                    .delay(3000)
                    .fadeOut('slow');
            }
        }
    });

});

3 Answers:

Answer 0 (score: 2)

Do it in a way that works for everyone.

$content1 = stripslashes($_POST['content1']);

$content1 = mysql_real_escape_string($content1);
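Added illustration, not part of the question or of this answer: it replays the save cycle from the question to show why the backslashes in the stored value multiply when magic_quotes_gpc is on and mysql_real_escape_string() is applied on top of it, and why the stripslashes() step should only be applied when magic quotes were actually active (an unconditional stripslashes() eats legitimate backslashes once magic quotes are off). Assumptions: addslashes() stands in for mysql_real_escape_string(), which needs a live connection but escapes a backslash and a double quote identically; stripslashes() stands in for MySQL parsing the escaped literal into the stored value; the inputs are constructed samples, and the real-world test for magic quotes is get_magic_quotes_gpc() (PHP < 5.4, removed in 8.0).

```php
<?php
// Added illustration (not from the question or this answer). Assumptions:
// addslashes() stands in for mysql_real_escape_string(), which needs a live
// connection but escapes backslash and double quote identically; stripslashes()
// stands in for MySQL parsing the escaped literal back into the stored value.

/** What PHP does to every $_POST value when magic_quotes_gpc = On. */
function applyMagicQuotes(string $raw): string
{
    return addslashes($raw);
}

/** The value MySQL stores after parsing an escaped string literal. */
function mysqlStore(string $escapedLiteral): string
{
    return stripslashes($escapedLiteral);
}

/**
 * One save cycle as in the question's save.php with magic quotes on:
 * PHP escapes the posted value, the script escapes it again, MySQL removes
 * only one level. Returns the value that lands in the table.
 */
function saveCycleDoubleEscaped(string $posted): string
{
    $fromPost = applyMagicQuotes($posted);   // level 1: magic quotes
    $escaped  = addslashes($fromPost);       // level 2: mysql_real_escape_string() stand-in
    return mysqlStore($escaped);             // MySQL strips level 2, level 1 is stored
}

/**
 * Corrected cycle: undo magic quotes only if they were applied (in real code
 * the test is get_magic_quotes_gpc(), PHP < 5.4; removed in PHP 8.0), then
 * escape exactly once.
 */
function saveCycleFixed(string $posted, bool $magicQuotesOn): string
{
    $fromPost = $magicQuotesOn ? applyMagicQuotes($posted) : $posted;
    if ($magicQuotesOn) {
        $fromPost = stripslashes($fromPost);
    }
    return mysqlStore(addslashes($fromPost));
}

/** Number of backslashes in the stored value, to make the growth visible. */
function backslashCount(string $s): int
{
    return substr_count($s, '\\');
}

// Constructed sample: an attribute value containing double quotes, saved and
// re-posted (as the editable div's html()) three times, as in the question.
$value = 'href="x"';
for ($round = 1; $round <= 3; $round++) {
    $value = saveCycleDoubleEscaped($value);
    printf("double-escaped, round %d: %s (%d backslashes)\n", $round, $value, backslashCount($value));
}

// The same three rounds with the fix: the stored value never changes.
$value = 'href="x"';
for ($round = 1; $round <= 3; $round++) {
    $value = saveCycleFixed($value, true);
    printf("fixed, magic quotes on, round %d: %s\n", $round, $value);
}

// Why stripslashes() must be conditional: with magic quotes off, a legitimate
// backslash in the input is destroyed by an unconditional stripslashes().
$path = 'C:\\dir\\file';
printf("magic quotes off, conditional strip:   %s\n", saveCycleFixed($path, false));
printf("magic quotes off, unconditional strip: %s\n", mysqlStore(addslashes(stripslashes($path))));
```

Run with the PHP CLI; the first loop shows the backslash count before each quote growing with every save, which is exactly the pattern in the question's "Email: href=..." value, while the fixed cycle stores the same value every round. The last two lines show the cost of stripping unconditionally: the Windows-style path loses its backslashes.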

Answer 1 (score: 2)

All of the mysql_* functions are flagged as deprecated, so if you or your provider update the PHP version on the server you will get lots of warnings from using the mysql_* functions.

You should use PDO or the mysqli_* functions instead of the mysql_* functions.

Answer 2 (score: 0)

Just one example:

UPDATE content SET text = LTRIM('$content21' WHERE element_id = '21')

I can't imagine that this is valid syntax. Maybe you should try

UPDATE content SET text = LTRIM('$content21') WHERE element_id = '21'

Also, you repeat yourself a lot.

Maybe you'd be better off doing something like

for ($i = 1; $i < 22; $i++) {
    $content = $_POST['content' . $i]; //get posted data
    $content = mysql_real_escape_string($content);  //escape string
    $sql = "UPDATE content SET text = LTRIM('$content') WHERE element_id = $i";
    mysql_query($sql);
}

(I'm not entirely sure of the syntax, but you should get the idea)

But even this isn't the best option, since mysql_*() is deprecated in favour of mysqli_*() or PDO.
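Added example, not the asker's save.php and not code from either answer: the same 21-row update written with PDO prepared statements, the replacement for the deprecated mysql_* functions that answers 1 and 2 recommend. Because the values are bound as parameters rather than spliced into the SQL string, there is no escaping step at all, so neither magic quotes nor mysql_real_escape_string() come into play. Assumptions: a `content` table with columns `element_id` and `text` (as in the question's queries), a PHP 7+ runtime, and placeholder DSN/credentials where the question's db.php would supply the real ones; the `1` response keeps the contract the existing save.js checks for.

```php
<?php
// Added example (not the asker's code and not from the answers): save.php
// rewritten with PDO prepared statements. Assumes a `content` table with
// columns element_id and text; DSN and credentials below are placeholders
// for whatever the real db.php provides.

function updateContent(PDO $db, array $post, int $count = 21): bool
{
    try {
        // One statement, prepared once; :text and :id are bound, never
        // interpolated into the SQL, so no escaping step is needed.
        $stmt = $db->prepare(
            'UPDATE content SET text = LTRIM(:text) WHERE element_id = :id'
        );

        // All 21 rows succeed or none do.
        $db->beginTransaction();
        for ($i = 1; $i <= $count; $i++) {
            $key = 'content' . $i;
            if (!isset($post[$key]) || !is_string($post[$key])) {
                throw new InvalidArgumentException("missing or invalid field $key");
            }
            $stmt->bindValue(':text', $post[$key], PDO::PARAM_STR);
            $stmt->bindValue(':id', $i, PDO::PARAM_INT);
            $stmt->execute();
        }
        $db->commit();
        return true;
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        // Log server-side; the client only needs success/failure.
        error_log('save.php: ' . $e->getMessage());
        return false;
    }
}

// --- save.php body ----------------------------------------------------------
$db = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // failures throw instead of returning false
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
    ]
);

// save.js tests for the literal string "1"; keep that contract.
echo updateContent($db, $_POST) ? '1' : '0';
```

With ERRMODE_EXCEPTION a failed query surfaces as an exception and rolls the transaction back, which is what the asker's version was missing: mysql_query() silently returned false and the trailing `if (mysql_query($sql))` re-ran the last statement instead of reporting the real error. Binding solves the SQL side only; the bound text is still whatever HTML the client posted from the editable divs, and escaping it on output is a separate concern.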