Cannot insert text containing special characters into SQL

Time: 2014-03-11 23:29:51

Tags: php sql

I've just moved my PHP to a new server, and it works fine except that it won't accept special characters from the text boxes. I'm still using some very old code, but it worked perfectly on the old server and I haven't upgraded PHP. If you wouldn't mind looking over the code and suggesting how to update it so that quotes, apostrophes etc. get into SQL, I'd be very grateful! Many thanks!

<?php require_once('../Connections.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
    if (PHP_VERSION < 6) { 
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    }
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;     
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . date("Y-m-d",strtotime($theValue)) . "'" : "NULL";
      break;
    case "time":
      $theValue = ($theValue != "") ? "'" . date("H:i:s",strtotime($theValue)) . "'" : "NULL";
      break;
    case "datetime":
      $theValue = ($theValue != "") ? "'" . date("Y-m-d H:i:s",strtotime($theValue)) . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }

  return $theValue;
}

}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .=  "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
while(list($key,$v)= each($_FILES)){ 
    echo $key . ": " . $v . "<br>";
    $link = $_FILES[$key]['name'];
    $link = htmlentities(($link), ENT_QUOTES);
echo $file_name;

    }

if($link == "") {
die("Link broke."); }

$editcheck = 0;
if(isset($_POST['editorial']) && $_POST['editorial'] == "1") {
    $editcheck = 1;
    }

    $staffcheck = 0;
if(isset($_POST['staffonly']) && $_POST['staffonly'] == "1") {
    $staffcheck = 1;
    }

$photocheck = 0;
if(isset($_POST['photo']) && $_POST['photo'] == "1") {
    $photocheck = 1;
    }

$frontpagecheck = 0;
if(isset($_POST['frontpage']) && $_POST['frontpage'] == "1") {
    $frontpagecheck = 1;
    }

$starcheck = 0; 

$d_month = substr($_POST['today_date'], 0, 2);
$d_day = substr($_POST['today_date'], 2, 2);
$d_year = substr($_POST['today_date'], 4, 2);

$strtime = $d_month . "/" . $d_day . "/" . $d_year;
$fixdate = date("Y-m-d", strtotime($strtime));
$mysql_pubdate = $_POST['pub_yy'] . "-" . $_POST['pub_mm'] . "-" . $_POST['pub_dd'];

if($_POST['source'] == 'ERROR-DONOTPROCESS') {
    echo "Oops! You did not select a publication source. <br><br>
    If you were trying to enter a source that is not on the list, you must select 'Other' <br>
    from the dropdown menu, and then type the name of the publication in the box. If you were <br>
    attempting to do something else, you apparently made a mistake -- one that you are unlikely to make again. <br><br>Sorry!";
    die();
}
$news_source = $_POST['source'];  ## By default, this is what they chose from the drop-down menu.
if($_POST['source'] == 'OTHER') {  ## In case they chose the "other" option earlier.
    $news_source = $_POST['source_other'];
    }


}

if  ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO clips (`date`, clipdate, url, category, `position`, link, datecode, publication, region, htype, mention, editorial, photo, frontpage, staffonly, star, headline, blurb) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($mysql_pubdate, "date"),
                       GetSQLValueString($fixdate, "date"),
                       GetSQLValueString($_POST['url'], "text"),                       
                       GetSQLValueString($_POST['category'], "text"),
                       GetSQLValueString($_POST['position'], "int"),
                       GetSQLValueString($link, "text"),
                       GetSQLValueString($_POST['today_date'], "text"),
                       GetSQLValueString($news_source, "text"),
                       GetSQLValueString($_POST['region'], "text"),
                       GetSQLValueString($_POST['htype'], "int"),
                       GetSQLValueString($_POST['mention'], "text"),
                       $editcheck,
                       $photocheck,
                       $frontpagecheck,
                       $staffcheck,
                       $starcheck,
                       GetSQLValueString($_POST['headline'], "text"),
                       GetSQLValueString($_POST['blurb'], "text"));

  mysql_select_db($database_wow, $wow);
  $Result1 = mysql_query($insertSQL, $wow) or die(mysql_error());
$articleid = mysql_insert_id();


  $pdf_link = $link;
              $dot_is = strrpos("$pdf_link",'.');    //find the last . in the file name
              $ext = substr("$pdf_link", $dot_is);

              if(($ext == ".PDF") || ($ext == ".pdf") || ($ext == ".mp3") || ($ext == ".MP3") || ($ext == ".mp4") || ($ext == ".MP4")) {
            echo "Creating HTML";
            // Insert code here for creating an HTML file of the PDF file.

                                    $fmfile = $articleid . ".htm";

                                    $fmpath = "files/" . date("Y", strtotime($strtime)) . "/" . date("F", strtotime($strtime)) . "/" . $_POST['today_date'] . "/" . $fmfile; 


                        $fhandle = fopen($fmpath, 'w') or die("can't open file");



                        $pagestr = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
                        <html>
                        <head>
                        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
                        <title>' . $_POST['headline'] . '</title>
                        <style type="text/css">

                        .headline {
                            font-family: Arial, Helvetica, sans-serif;
                            font-size: 24px;
                            font-weight: bold;
                            color: #000033;
                        }

                        .pub_big {
                            font-family: Arial, Helvetica, sans-serif;
                            font-size: 12px;
                            font-weight: bold;
                            color: #212121;
                        }
                        .blurb {
                            font-family: Arial, Helvetica, sans-serif;
                            font-size: 12px;
                            font-weight: normal;

                        }
                        .headline2 {
                            font-family: Arial, Helvetica, sans-serif;
                            font-size: 16px;
                            font-weight: bold;
                        }
                        .h_editorials {
                            font-family: Arial, Helvetica, sans-serif;
                            font-size: 12px;
                            font-weight: normal;
                            color: #FFFFFF;
                        }

                        </style>
                        </head>

                        <body>
                        <p><img src="../../../../../images/pdfcliplink.gif" alt="The Daily Clips: PDF Clip Link" width="300" height="53"> </p>
                        <table width="100%"  border="0" cellspacing="0" cellpadding="0">
                          <tr>
                            <td width="2%">&nbsp;</td>
                            <td colspan="2">&nbsp;</td>
                            <td width="2%">&nbsp;</td>
                          </tr>
                          <tr>
                            <td>&nbsp;</td>
                            <td colspan="2" class="headline">' . $_POST['headline'] . '</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td>&nbsp;</td>
                            <td colspan="2" class="blurb"><span class="pub_big">' . $news_source . ' -- ' . date("M j Y", strtotime($_POST['pub_mm'] . "/" . $_POST['pub_dd'] . "/" . $_POST['pub_yy'])) . ':</span> ' . $_POST['blurb'] . '</td>
                            <td>&nbsp;</td>
                          </tr>
                            <tr>
                            <td height="18">&nbsp;</td>
                            <td width="3%"></td>
                            <td width="93%"><span class="pub_big">Category: ' . $_POST['category'];


                            if($_POST['mention'] != '0') {

                                $pagestr .= ' MENTION: ' . $_POST['mention'];

                                }

                            $pagestr .= '</span></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td height="18">&nbsp;</td>
                            <td width="3%"></td>
                            <td width="93%"><span class="pub_big"><a href="' . $link . '">CLICK HERE FOR ARTICLE LINK</a></span></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td>&nbsp;</td>
                            <td colspan="2">&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                        </table>
                        <p class="headline">&nbsp;</p>
                        </body>
                        </html>';

                        fwrite($fhandle, $pagestr);
                        fclose($fhandle);








              }

else {

$fcpath = "files/" . date("Y", strtotime($strtime)) . "/" . date("F", strtotime($strtime)) . "/" . $_POST['today_date'] . "/" . $link; 

$key = "window.print";

//load file into $fc array

$fc = file($fcpath);

//print_r ($fc);

//open same file and use "w" to clear file 

$f = fopen($fcpath,"w");

//loop through array using foreach

foreach($fc as $line)
{
     if(!strstr($line, $key))  //look for $key in each line
          fputs($f, $line); //place $line back in file 
}
fclose($f);

} // closes the else not PDF



}

mysql_select_db($database_wow, $wow);
$query_pubs = "SELECT * FROM clip_admin WHERE type = 'pubs' ORDER BY valnum ASC, value";
$pubs = mysql_query($query_pubs, $wow) or die(mysql_error());
$row_pubs = mysql_fetch_assoc($pubs);
$totalRows_pubs = mysql_num_rows($pubs);

mysql_select_db($database_wow, $wow);
$query_types = "SELECT * FROM clip_admin WHERE type = 'types' ORDER BY valnum ASC";
$types = mysql_query($query_types, $wow) or die(mysql_error());
$row_types = mysql_fetch_assoc($types);
$totalRows_types = mysql_num_rows($types);

mysql_select_db($database_wow, $wow);
$query_mention_types = "SELECT id, `value`, label, valnum, type, color FROM clip_admin WHERE type = 'mentions' ORDER BY valnum ASC";
$mention_types = mysql_query($query_mention_types, $wow) or die(mysql_error());
$row_mention_types = mysql_fetch_assoc($mention_types);
$totalRows_mention_types = mysql_num_rows($mention_types);


$usedatecode = date("mdy", strtotime("today"));

mysql_select_db($database_wow, $wow);
$query_isclosed = "SELECT clips_complete.id, clips_complete.datecode, clips_complete.timeclosed FROM clips_complete WHERE clips_complete.datecode = '$usedatecode'";
$isclosed = mysql_query($query_isclosed, $wow) or die(mysql_error());
$row_isclosed = mysql_fetch_assoc($isclosed);
$totalRows_isclosed = mysql_num_rows($isclosed);


if($totalRows_isclosed > 0) {
    ## Then the system is closed.

    if(date("D") == "Fri") {
    $usedatecode = date("mdy", strtotime("Monday"));    
    }
    else {
    $usedatecode = date("mdy", strtotime("Tomorrow"));
    }
}
?>
<?php   ## Define function:

function word_trim($string, $count, $ellipsis = TRUE){
  $words = explode(' ', $string);
  if (count($words) > $count){
    array_splice($words, $count);
    $string = implode(' ', $words);
    if (is_string($ellipsis)){
      $string .= $ellipsis;
    }
    elseif ($ellipsis){
      $string .= '&hellip;';
    }
  }
  return $string;
}

?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Add New Articles</title>
<style type="text/css">
<!--
.form {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 12px;
    color: #2E3163;
}
.form_ex {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 10px;
    font-style: italic;
    font-weight: normal;
    color: #9190C1;
}
.editz {    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 12px;
}
.style8 {font-size: 12px}
.style9 {font-family: Verdana, Arial, Helvetica, sans-serif}
-->
</style>
<link href="clipstyles.css" rel="stylesheet" type="text/css">
</head>

<body>
<form  method="POST" enctype="multipart/form-data" name="form1" action="<?php echo $editFormAction; ?>">

<table width="617" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><img src="../images/images/add_clip_01.gif" width="617" height="32"></td>
  </tr>
  <tr>
    <td background="../images/images/add_clip_03.gif"><table width="100%"  border="0" cellspacing="0" cellpadding="4">
        <tr class="editz">
          <td width="4%">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td width="22%" valign="top" class="editz">Publication Date: </td>
          <td width="63%" valign="top" class="editz"><input name="pub_mm" type="text" id="pub_mm" value="<?php echo date("m", strtotime("today")); ?>" size="2" maxlength="2">
-
  <input name="pub_dd" type="text" id="pub_dd" value="<?php echo date("d", strtotime("today")); ?>" size="2" maxlength="2">
-
<input name="pub_yy" type="text" id="pub_yy" value="<?php echo date("Y", strtotime("today")); ?>" size="4" maxlength="4"></td>
          <td width="11%" valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td><img src="transparent.gif" width="17" height="20"></td>
          <td valign="top" class="editz">Today's 6-Digit Date: </td>
          <td valign="top" class="editz"><input name="today_date" type="text" id="today_date" value="<?php echo $usedatecode; ?>" size="6" maxlength="6">
            <span class="form_ex">Ex: May 3, 2002 = 050302 </span></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">URL of original article:</td>
          <td valign="top" class="editz"><input name="url" type="text" id="url" size="50"></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">Select the file :</td>
          <td valign="top" class="editz"><input name="linkname" type="file" id="linkname">
            <span class="form_ex">This creates the link. </span></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">Publication:</td>
          <td valign="top" class="editz"><select name="source">
            <option value="ERROR-DONOTPROCESS">CHOOSE A SOURCE FROM THE LIST</option>
            <option value="OTHER">Other: Please enter a name in the box</option>
            <?php
do {  
?>
            <option value="<?php echo $row_pubs['value']?>"><?php echo $row_pubs['label']?></option>
            <?php
} while ($row_pubs = mysql_fetch_assoc($pubs));
  $rows = mysql_num_rows($pubs);
  if($rows > 0) {
      mysql_data_seek($pubs, 0);
      $row_pubs = mysql_fetch_assoc($pubs);
  }
?>

          </select>
&nbsp;&nbsp;or Other:
<input name="source_other" type="text" id="source_other"></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>

        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">Headline:</td>
          <td valign="top" class="editz"><input name="headline" type="text" id="headline" size="50"></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">Blurb:</td>
          <td valign="top" class="editz"><textarea name="blurb" type="text" cols="45" rows="4" id="blurb"></textarea></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">Story Category: </td>
          <td valign="top" class="editz"><p>
            <select name="category">
              <option value="Uncategorized">Please select a category from the list...</option>
              <?php
do {  
?>
              <option value="<?php echo $row_types['value']?>"><?php echo $row_types['label']?></option>
              <?php
} while ($row_types = mysql_fetch_assoc($types));
  $rows = mysql_num_rows($types);
  if($rows > 0) {
      mysql_data_seek($types, 0);
      $row_types = mysql_fetch_assoc($types);
  }
?>
            </select>
            &nbsp;&nbsp;&nbsp;&nbsp;</p>
            <p>Editorial: 
              <input name="editorial" type="checkbox" id="editorial" value="1">
            </p>
            <p>Photo: 
              <input name="photo" type="checkbox" id="photo" value="1">
            </p>
            <p>Frontpage: 
              <input name="frontpage" type="checkbox" id="frontpage" value="1">
            </p></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">Mention Category: </td>
          <td valign="top" class="editz"><select name="mention" id="mention">
            <option value="0">No Mentions</option>
            <?php
do {  
?>
            <option value="<?php echo $row_mention_types['value']?>"><?php echo $row_mention_types['label']?></option>
            <?php
} while ($row_mention_types = mysql_fetch_assoc($mention_types));
  $rows = mysql_num_rows($mention_types);
  if($rows > 0) {
      mysql_data_seek($mention_types, 0);
      $row_mention_types = mysql_fetch_assoc($mention_types);
  }
?>
          </select></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">List as a Top Story? </td>
          <td valign="top" class="editz"><select name="htype" id="htype">
            <option value="0">No</option>
            <option value="1">Yes</option>
          </select>
            <span class="form_ex"> (Limit 5 per day) &nbsp;&nbsp;&nbsp;</span>Position in Section: <span class="form_ex">
            <input name="position" type="text" id="position" value="99" size="3" maxlength="3">
            </span></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">Staff only?</td>
          <td valign="top" class="editz"><input type="checkbox" name="staffonly" id="staffonly" value="1">
            Checking this box will exclude this story from the Senator's clips.</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz"><input type="submit" name="Submit" value="Submit"></td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
          <td valign="top" class="editz">&nbsp;</td>
        </tr>
    </table></td>
  </tr>
  <tr>
    <td><img src="../images/images/add_clip_04.gif" width="617" height="24"> 
  </tr>
</table>






  <input type="hidden" name="MM_insert" value="form1">
</form>

1 answer:

Answer 0: (score: 1)

First, there is too much information in your question. Post the relevant code.

Second, you are using deprecated functions - you should use safer ones such as PDO or MySQLi.

Third, use double quotes instead of single quotes. Strip anything from the input that doesn't match the MySQL character set, or you could convert it; that doesn't hurt either. Not 100% sure what you're asking, but I'm assuming one of two things: either you're trying to store odd characters such as emoji or Latin symbols, or you're having a problem with slashes and quotes.
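One way to follow the answer's PDO suggestion, applied to the INSERT from the question (an added example, not the poster's code or the answerer's; it assumes PHP 7.4+ with the pdo_mysql extension, a utf8mb4 `clips` table, and that Connections.php defines $hostname_wow, $username_wow, $password_wow and $database_wow, which is a guess based on the $database_wow / $wow names on the page):

```php
<?php
// Added example, not the poster's code or the answerer's: the poster's
// INSERT INTO clips rewritten with PDO prepared statements, so quotes,
// apostrophes and backslashes travel as bound data, never as SQL text.
// Assumed: $hostname_wow, $username_wow, $password_wow and $database_wow
// come from the poster's Connections.php (names are a guess; substitute yours).
declare(strict_types=1);

function connectClips(string $host, string $db, string $user, string $pass): PDO
{
    // charset=utf8mb4 makes the connection match a utf8mb4 table, so
    // accented characters and emoji round-trip instead of being mangled.
    $dsn = "mysql:host={$host};dbname={$db};charset=utf8mb4";
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // replaces "or die(mysql_error())"
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    ]);
}

// Columns of the poster's INSERT, in order; the integer ones are bound as such.
const CLIP_COLUMNS = ['date', 'clipdate', 'url', 'category', 'position', 'link',
    'datecode', 'publication', 'region', 'htype', 'mention', 'editorial',
    'photo', 'frontpage', 'staffonly', 'star', 'headline', 'blurb'];
const CLIP_INT_COLUMNS = ['position', 'htype', 'editorial', 'photo',
    'frontpage', 'staffonly', 'star'];

/** Insert one clip from an associative array keyed by column; returns the new id. */
function insertClip(PDO $pdo, array $clip): int
{
    $cols  = implode(', ', array_map(fn($c) => "`$c`", CLIP_COLUMNS));
    $marks = implode(', ', array_map(fn($c) => ":$c", CLIP_COLUMNS));
    $stmt  = $pdo->prepare("INSERT INTO clips ($cols) VALUES ($marks)");

    foreach (CLIP_COLUMNS as $col) {
        $value = $clip[$col] ?? null;
        if (in_array($col, CLIP_INT_COLUMNS, true)) {
            $stmt->bindValue(":$col", (int) $value, PDO::PARAM_INT);
        } elseif ($value === null || $value === '') {
            // Empty optional text becomes NULL, like GetSQLValueString's "text" case.
            $stmt->bindValue(":$col", null, PDO::PARAM_NULL);
        } else {
            $stmt->bindValue(":$col", (string) $value, PDO::PARAM_STR);
        }
    }
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Constructed sample row containing the characters that broke the old code.
$sample = [
    'date' => '2014-03-11', 'clipdate' => '2014-03-11',
    'url' => 'http://example.com/story', 'category' => 'Politics',
    'position' => 99, 'link' => 'story.pdf', 'datecode' => '031114',
    'publication' => "O'Reilly \"Daily\"", 'region' => 'North',
    'htype' => 0, 'mention' => '0', 'editorial' => 0, 'photo' => 0,
    'frontpage' => 0, 'staffonly' => 0, 'star' => 0,
    'headline' => 'Senator: "it\'s time" \\ back-slash too',
    'blurb' => "Blurb with 'quotes', a naïve accent and an emoji 😀",
];

$pdo = connectClips($hostname_wow, $database_wow, $username_wow, $password_wow);
echo insertClip($pdo, $sample), "\n";
```

Because every form value is a bound parameter, the magic_quotes / stripslashes / mysql_real_escape_string dance in GetSQLValueString is no longer needed, and the same binding approach applies to the clip_admin SELECTs further down the page.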