有人可以告诉我为什么这种情况一直无效吗?
include('../globals/mysqli_connect.php');
$insert_channel = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$insert_channel_query = "UPDATE tv_channels SET channel_name='$_POST[channel_name]', variant_1_source='$_POST[variant_1_source]', variant_2_source='$_POST[variant_2_source]' , variant_3_source='$_POST[variant_3_source]', variant_4_source='$_POST[variant_4_source]' WHERE id =?";
if ($stmt_insert_channel = $insert_channel->prepare($insert_channel_query)) {
$stmt_insert_channel->bind_param("s",$_GET['editchannelID']);
$stmt_insert_channel->execute();
$stmt_insert_channel->close();
}
$insert_channel->close();
header("refresh:1;url=tv_online.php");
事情是有效但在$ _Post ['variant_1_source']或$ _Post ['variant_2_source']或 $ _Post ['variant_3_source']或$ _Post ['variant_4_source']我添加:
<script src="http://portaltv.ro/jw6/jwplayer.js" type="text/javascript"></script>
<script src="http://portaltv.ro/jw6/key.js" type="text/javascript"></script>
<script src="http://p.jwpcdn.com/6/3/jwpsrv.js"></script><script src="http://p.jwpcdn.com/6/3/sharing.js"></script></head><body><div id="player_1_wrapper" style="width: 100%; height: 100%; position: relative;"><object name="player_1" width="100%" height="100%" tabindex="0" id="player_1" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" "=""><PARAM NAME="_cx" VALUE="50800"><PARAM NAME="_cy" VALUE="13123"><PARAM NAME="FlashVars" VALUE=""><PARAM NAME="Movie" VALUE="http://portaltv.ro/jw6/jwplayer.flash.swf"><PARAM NAME="Src" VALUE="http://portaltv.ro/jw6/jwplayer.flash.swf"><PARAM NAME="WMode" VALUE="Opaque"><PARAM NAME="Play" VALUE="0"><PARAM NAME="Loop" VALUE="-1"><PARAM NAME="Quality" VALUE="High"><PARAM NAME="SAlign" VALUE="LT"><PARAM NAME="Menu" VALUE="-1"><PARAM NAME="Base" VALUE=""><PARAM NAME="AllowScriptAccess" VALUE="always"><PARAM NAME="Scale" VALUE="NoScale"><PARAM NAME="DeviceFont" VALUE="0"><PARAM NAME="EmbedMovie" VALUE="0"><PARAM NAME="BGColor" VALUE="000000"><PARAM NAME="SWRemote" VALUE=""><PARAM NAME="MovieData" VALUE=""><PARAM NAME="SeamlessTabbing" VALUE="1"><PARAM NAME="Profile" VALUE="0"><PARAM NAME="ProfileAddress" VALUE=""><PARAM NAME="ProfilePort" VALUE="0"><PARAM NAME="AllowNetworking" VALUE="all"><PARAM NAME="AllowFullScreen" VALUE="true"><PARAM NAME="AllowFullScreenInteractive" VALUE="false"><PARAM NAME="IsDependent" VALUE="0"><param name="movie" value="http://portaltv.ro/jw6/jwplayer.flash.swf"><param name="allowfullscreen" value="true"><param name="allowscriptaccess" value="always"><param name="seamlesstabbing" value="true"><param name="wmode" value="opaque"><param name="bgcolor" value="#000000"></object><div id="player_1_jwpsrv" style="top: 0px; position: absolute; z-index: 10;"></div><div id="player_1_sharing" style="top: 0px; position: absolute; z-index: 11;"></div></div>
<script type="text/javascript">
jwplayer('player_1').setup({
file: "http://178.21.120.198:1936/live3/mp4:animalplanet/mp4:animalplanet/portaltv.m3u8?file=mp4:animalplanet&token=f526074b3aa399ec6b82df17ce1d5840",
width: "100%",
height: "100%",
autostart: "true",
sharing: {
code: encodeURI("<iframe src='http://www.x'/>"),
link: "http://www.x"
}
});
</script>
它不会将上述代码插入数据库。 附:我知道将变量直接放入查询是不安全的,我只是为了测试而做。如果有人能告诉我为什么不将html / javascript添加到数据库中,请帮助兄弟。谢谢 !