我刚刚把我的 PHP 程序迁移到一台新服务器上,除了文本框无法接受特殊字符之外,其余都运行正常。我仍在使用一些非常旧的代码,但它在旧服务器上运行得很好,而且我还没有升级 PHP。如果您不介意查看代码,并就如何更新代码、使引号、撇号等字符能够正确写入 SQL 提出建议,我将非常感激!非常感谢!
<?php require_once('../Connections.php'); ?>
<?php
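if (!function_exists("GetSQLValueString")) {
    /**
     * Escape a request value and format it as a literal for a string-built SQL statement.
     *
     * NOTE(review): this helper is only needed because the queries on this page are
     * assembled with sprintf(). Its safety depends on the connection character set and on
     * every caller choosing the right $theType. Prepared statements with bound parameters
     * (mysqli or PDO) remove both dependencies and are the recommended replacement when
     * this page is migrated off the removed mysql_* API.
     *
     * @param mixed  $theValue           Raw value, typically taken from $_POST.
     * @param string $theType            "text", "long", "int", "double", "date", "time",
     *                                   "datetime" or "defined". Any other type returns the
     *                                   escaped value without surrounding quotes.
     * @param mixed  $theDefinedValue    Returned for "defined" when the value is non-empty.
     * @param mixed  $theNotDefinedValue Returned for "defined" when the value is empty.
     * @return mixed An int for "long"/"int", otherwise a string fragment (quoted literal,
     *               the text NULL, or one of the two "defined" values).
     * @throws RuntimeException When no escaping function is available or escaping fails.
     */
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        // magic_quotes_gpc was removed in PHP 5.4 and its getter in PHP 8.0, so only
        // consult it on interpreters that can still have the setting switched on.
        if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
            $theValue = stripslashes($theValue);
        }

        if (function_exists("mysql_real_escape_string")) {
            $escaped = mysql_real_escape_string($theValue);
        } elseif (function_exists("mysql_escape_string")) {
            $escaped = mysql_escape_string($theValue);
        } else {
            // The mysql extension was removed in PHP 7.0. Stop with a clear message
            // instead of an "undefined function" fatal error, and never fall back to
            // building SQL from an unescaped value.
            throw new RuntimeException("GetSQLValueString: the mysql extension is not available; migrate this page to mysqli or PDO prepared statements.");
        }
        if ($escaped === false) {
            // mysql_real_escape_string() returns false on error (for example when there
            // is no usable connection). Without this check the value would silently be
            // stored as NULL.
            throw new RuntimeException("GetSQLValueString: the value could not be escaped.");
        }
        $theValue = $escaped;

        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
                break;
            // NOTE(review): strtotime() returns false for text it cannot parse, and date()
            // then formats the Unix epoch. Callers should validate dates before this point.
            case "date":
                $theValue = ($theValue != "") ? "'" . date("Y-m-d", strtotime($theValue)) . "'" : "NULL";
                break;
            case "time":
                $theValue = ($theValue != "") ? "'" . date("H:i:s", strtotime($theValue)) . "'" : "NULL";
                break;
            case "datetime":
                $theValue = ($theValue != "") ? "'" . date("Y-m-d H:i:s", strtotime($theValue)) . "'" : "NULL";
                break;
            case "defined":
                // The two replacement values are inserted as given; they must be
                // trusted constants supplied by the calling code, never request data.
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}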
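// Build the URL this form posts back to. The value is echoed into the form's action
// attribute further down the page. PHP_SELF contains whatever extra path the client
// appended to the script URL, so it is request-controlled and has to be HTML-encoded
// before it is printed; the encoding name matches the charset this page declares.
$editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}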
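if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
    // Take the file name reported by the browser for the file field. This block only
    // reads the reported name; it does not call move_uploaded_file().
    // The name is client-controlled and is later joined into a filesystem path, so any
    // directory part (either slash style) is dropped before it is used.
    // each() was removed in PHP 8.0, hence the foreach. The old debug echo of the
    // $_FILES entry and of the undefined $file_name variable is gone.
    $link = "";
    foreach ($_FILES as $upload) {
        $clientName = (isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : "";
        $link = htmlentities(basename(str_replace("\\", "/", $clientName)), ENT_QUOTES);
    }
    if ($link == "") {
        die("Link broke.");
    }

    // Checkbox flags: 1 only when the box was ticked, otherwise 0.
    $editcheck = (isset($_POST['editorial']) && $_POST['editorial'] == "1") ? 1 : 0;
    $staffcheck = (isset($_POST['staffonly']) && $_POST['staffonly'] == "1") ? 1 : 0;
    $photocheck = (isset($_POST['photo']) && $_POST['photo'] == "1") ? 1 : 0;
    $frontpagecheck = (isset($_POST['frontpage']) && $_POST['frontpage'] == "1") ? 1 : 0;
    $starcheck = 0;

    // The date code is sliced into month/day/year here and later used as a directory
    // name, so accept exactly six digits and nothing else.
    $todayCode = isset($_POST['today_date']) ? $_POST['today_date'] : "";
    if (!is_string($todayCode) || !preg_match('/^\d{6}\z/', $todayCode)) {
        die("Today's 6-Digit Date must be exactly six digits (MMDDYY).");
    }
    $d_month = substr($todayCode, 0, 2);
    $d_day = substr($todayCode, 2, 2);
    $d_year = substr($todayCode, 4, 2);
    $strtime = $d_month . "/" . $d_day . "/" . $d_year;
    $fixdate = date("Y-m-d", strtotime($strtime));
    $mysql_pubdate = $_POST['pub_yy'] . "-" . $_POST['pub_mm'] . "-" . $_POST['pub_dd'];

    if ($_POST['source'] == 'ERROR-DONOTPROCESS') {
        echo "Oops! You did not select a publication source. <br><br>
If you were trying to enter a source that is not on the list, you must select 'Other' <br>
from the dropdown menu, and then type the name of the publication in the box. If you were <br>
attempting to do something else, you apparently made a mistake -- one that you are unlikely to make again. <br><br>Sorry!";
        die();
    }

    // By default the source is the drop-down choice; "OTHER" means the free-text box.
    $news_source = $_POST['source'];
    if ($_POST['source'] == 'OTHER') {
        $news_source = $_POST['source_other'];
    }
}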
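if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
    // The date code becomes a directory name below, so it must be exactly six digits.
    // This is checked before the row is inserted so a rejected request stores nothing.
    $dateCode = isset($_POST['today_date']) ? $_POST['today_date'] : "";
    if (!is_string($dateCode) || !preg_match('/^\d{6}\z/', $dateCode)) {
        die("Today's 6-Digit Date must be exactly six digits (MMDDYY).");
    }

    // NOTE(review): the statement is assembled as a string and relies on
    // GetSQLValueString() for every request value. The mysql_* API used here was removed
    // in PHP 7.0; when this page is ported, replace the sprintf() with a prepared
    // statement and bound parameters.
    $insertSQL = sprintf("INSERT INTO clips (`date`, clipdate, url, category, `position`, link, datecode, publication, region, htype, mention, editorial, photo, frontpage, staffonly, star, headline, blurb) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
        GetSQLValueString($mysql_pubdate, "date"),
        GetSQLValueString($fixdate, "date"),
        GetSQLValueString($_POST['url'], "text"),
        GetSQLValueString($_POST['category'], "text"),
        GetSQLValueString($_POST['position'], "int"),
        GetSQLValueString($link, "text"),
        GetSQLValueString($_POST['today_date'], "text"),
        GetSQLValueString($news_source, "text"),
        GetSQLValueString($_POST['region'], "text"),
        GetSQLValueString($_POST['htype'], "int"),
        GetSQLValueString($_POST['mention'], "text"),
        $editcheck,
        $photocheck,
        $frontpagecheck,
        $staffcheck,
        $starcheck,
        GetSQLValueString($_POST['headline'], "text"),
        GetSQLValueString($_POST['blurb'], "text"));
    mysql_select_db($database_wow, $wow);
    // NOTE(review): die(mysql_error()) prints the driver's error text to the browser;
    // log it server-side and show a generic message once the page is ported.
    $Result1 = mysql_query($insertSQL, $wow) or die(mysql_error());
    $articleid = mysql_insert_id();

    // Directory for the day's clips, and the file name with any directory part removed
    // so a crafted name cannot point outside that directory.
    $dayDir = "files/" . date("Y", strtotime($strtime)) . "/" . date("F", strtotime($strtime)) . "/" . $dateCode . "/";
    $safeLink = basename(str_replace("\\", "/", $link));

    $pdf_link = $link;
    $dot_is = strrpos("$pdf_link", '.'); // find the last . in the file name
    // Compare the extension case-insensitively so ".Pdf" is not treated as an HTML clip.
    $ext = ($dot_is === false) ? "" : strtolower(substr("$pdf_link", $dot_is));
    if (in_array($ext, array(".pdf", ".mp3", ".mp4"), true)) {
        echo "Creating HTML";
        // Write a small HTML wrapper page that links to the PDF/media file.
        $fmfile = $articleid . ".htm";
        $fmpath = $dayDir . $fmfile;
        $fhandle = fopen($fmpath, 'w') or die("can't open file");

        // Everything typed into the form is HTML-encoded before it is written into the
        // generated page, which is saved and served to other readers. The encoding name
        // matches the charset the generated page declares.
        // NOTE(review): if blurbs are meant to carry markup, use an allow-list
        // sanitizer for that field instead of printing it raw.
        $page_headline = htmlspecialchars($_POST['headline'], ENT_QUOTES, 'ISO-8859-1');
        $page_source = htmlspecialchars($news_source, ENT_QUOTES, 'ISO-8859-1');
        $page_blurb = htmlspecialchars($_POST['blurb'], ENT_QUOTES, 'ISO-8859-1');
        $page_category = htmlspecialchars($_POST['category'], ENT_QUOTES, 'ISO-8859-1');
        $page_mention = htmlspecialchars($_POST['mention'], ENT_QUOTES, 'ISO-8859-1');
        // $link was already entity-encoded when it was read, so do not encode it twice.
        $page_link = htmlspecialchars($safeLink, ENT_QUOTES, 'ISO-8859-1', false);

        $pagestr = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>' . $page_headline . '</title>
<style type="text/css">
.headline {
font-family: Arial, Helvetica, sans-serif;
font-size: 24px;
font-weight: bold;
color: #000033;
}
.pub_big {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
font-weight: bold;
color: #212121;
}
.blurb {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
font-weight: normal;
}
.headline2 {
font-family: Arial, Helvetica, sans-serif;
font-size: 16px;
font-weight: bold;
}
.h_editorials {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
font-weight: normal;
color: #FFFFFF;
}
</style>
</head>
<body>
<p><img src="../../../../../images/pdfcliplink.gif" alt="The Daily Clips: PDF Clip Link" width="300" height="53"> </p>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="2%"> </td>
<td colspan="2"> </td>
<td width="2%"> </td>
</tr>
<tr>
<td> </td>
<td colspan="2" class="headline">' . $page_headline . '</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td colspan="2" class="blurb"><span class="pub_big">' . $page_source . ' -- ' . date("M j Y", strtotime($_POST['pub_mm'] . "/" . $_POST['pub_dd'] . "/" . $_POST['pub_yy'])) . ':</span> ' . $page_blurb . '</td>
<td> </td>
</tr>
<tr>
<td height="18"> </td>
<td width="3%"></td>
<td width="93%"><span class="pub_big">Category: ' . $page_category;
        if ($_POST['mention'] != '0') {
            $pagestr .= ' MENTION: ' . $page_mention;
        }
        $pagestr .= '</span></td>
<td> </td>
</tr>
<tr>
<td height="18"> </td>
<td width="3%"></td>
<td width="93%"><span class="pub_big"><a href="' . $page_link . '">CLICK HERE FOR ARTICLE LINK</a></span></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td colspan="2"> </td>
<td> </td>
</tr>
</table>
<p class="headline"> </p>
</body>
</html>';
        fwrite($fhandle, $pagestr);
        fclose($fhandle);
    } else {
        // Not a PDF/media file: rewrite the clip in place without any line that
        // contains "window.print".
        // NOTE(review): nothing on this page moves the upload into place, so this
        // presumably expects the file to be in the day's directory already - confirm.
        $fcpath = $dayDir . $safeLink;
        $key = "window.print";
        // Load the file into the $fc array. Stop if it cannot be read, so the "w" open
        // below never truncates or creates a file that was not read first.
        $fc = file($fcpath);
        if ($fc === false) {
            die("can't open file");
        }
        // Reopen the same file with "w" to clear it, then write the kept lines back.
        $f = fopen($fcpath, "w") or die("can't open file");
        foreach ($fc as $line) {
            if (!strstr($line, $key)) { // look for $key in each line
                fputs($f, $line); // place $line back in file
            }
        }
        fclose($f);
    } // closes the else not PDF
}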
// Load the option lists for the three drop-down menus and work out the default date
// code for the form. Every query here is a fixed string or uses a value computed on the
// server, not request data.
// NOTE(review): the mysql_* API was removed in PHP 7.0, and die(mysql_error()) prints the
// driver's error text to the browser; port to mysqli/PDO and log errors server-side.

// Publications.
mysql_select_db($database_wow, $wow);
$query_pubs = "SELECT * FROM clip_admin WHERE type = 'pubs' ORDER BY valnum ASC, value";
$pubs = mysql_query($query_pubs, $wow) or die(mysql_error());
$row_pubs = mysql_fetch_assoc($pubs);
$totalRows_pubs = mysql_num_rows($pubs);

// Story categories.
mysql_select_db($database_wow, $wow);
$query_types = "SELECT * FROM clip_admin WHERE type = 'types' ORDER BY valnum ASC";
$types = mysql_query($query_types, $wow) or die(mysql_error());
$row_types = mysql_fetch_assoc($types);
$totalRows_types = mysql_num_rows($types);

// Mention categories.
mysql_select_db($database_wow, $wow);
$query_mention_types = "SELECT id, `value`, label, valnum, type, color FROM clip_admin WHERE type = 'mentions' ORDER BY valnum ASC";
$mention_types = mysql_query($query_mention_types, $wow) or die(mysql_error());
$row_mention_types = mysql_fetch_assoc($mention_types);
$totalRows_mention_types = mysql_num_rows($mention_types);

// Default to today's date code, then check whether today already has a closing row.
$usedatecode = date("mdy", strtotime("today"));
mysql_select_db($database_wow, $wow);
$query_isclosed = "SELECT clips_complete.id, clips_complete.datecode, clips_complete.timeclosed FROM clips_complete WHERE clips_complete.datecode = '$usedatecode'";
$isclosed = mysql_query($query_isclosed, $wow) or die(mysql_error());
$row_isclosed = mysql_fetch_assoc($isclosed);
$totalRows_isclosed = mysql_num_rows($isclosed);

// A matching row means the system is closed for today: on a Friday move the default to
// Monday, on any other day to tomorrow.
if ($totalRows_isclosed > 0) {
    $usedatecode = date("mdy", strtotime((date("D") == "Fri") ? "Monday" : "Tomorrow"));
}
?>
<?php ## Define function:
/**
 * Cut a string down to its first $count space-separated words.
 *
 * A string with $count words or fewer is returned unchanged. When words are removed, a
 * marker is appended: the given string if $ellipsis is a string, the default ellipsis
 * character if $ellipsis is otherwise truthy, and nothing if it is falsy.
 *
 * @param string      $string   Text to shorten.
 * @param int         $count    Number of words to keep.
 * @param bool|string $ellipsis Marker to append after a cut (see above).
 * @return string The original or shortened text.
 */
function word_trim($string, $count, $ellipsis = TRUE)
{
    $pieces = explode(' ', $string);
    if (count($pieces) <= $count) {
        return $string;
    }

    $shortened = implode(' ', array_slice($pieces, 0, $count));
    if (is_string($ellipsis)) {
        return $shortened . $ellipsis;
    }
    return $ellipsis ? $shortened . '…' : $shortened;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Add New Articles</title>
<style type="text/css">
<!--
.form {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 12px;
color: #2E3163;
}
.form_ex {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-style: italic;
font-weight: normal;
color: #9190C1;
}
.editz { font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 12px;
}
.style8 {font-size: 12px}
.style9 {font-family: Verdana, Arial, Helvetica, sans-serif}
-->
</style>
<link href="clipstyles.css" rel="stylesheet" type="text/css">
</head>
<body>
<form method="POST" enctype="multipart/form-data" name="form1" action="<?php echo $editFormAction; ?>">
<table width="617" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="../images/images/add_clip_01.gif" width="617" height="32"></td>
</tr>
<tr>
<td background="../images/images/add_clip_03.gif"><table width="100%" border="0" cellspacing="0" cellpadding="4">
<tr class="editz">
<td width="4%"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td width="22%" valign="top" class="editz">Publication Date: </td>
<td width="63%" valign="top" class="editz"><input name="pub_mm" type="text" id="pub_mm" value="<?php echo date("m", strtotime("today")); ?>" size="2" maxlength="2">
-
<input name="pub_dd" type="text" id="pub_dd" value="<?php echo date("d", strtotime("today")); ?>" size="2" maxlength="2">
-
<input name="pub_yy" type="text" id="pub_yy" value="<?php echo date("Y", strtotime("today")); ?>" size="4" maxlength="4"></td>
<td width="11%" valign="top" class="editz"> </td>
</tr>
<tr>
<td><img src="transparent.gif" width="17" height="20"></td>
<td valign="top" class="editz">Today's 6-Digit Date: </td>
<td valign="top" class="editz"><input name="today_date" type="text" id="today_date" value="<?php echo $usedatecode; ?>" size="6" maxlength="6">
<span class="form_ex">Ex: May 3, 2002 = 050302 </span></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz">URL of original article:</td>
<td valign="top" class="editz"><input name="url" type="text" id="url" size="50"></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz">Select the file :</td>
<td valign="top" class="editz"><input name="linkname" type="file" id="linkname">
<span class="form_ex">This creates the link. </span></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz">Publication:</td>
<td valign="top" class="editz"><select name="source">
<option value="ERROR-DONOTPROCESS">CHOOSE A SOURCE FROM THE LIST</option>
<option value="OTHER">Other: Please enter a name in the box</option>
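<?php
// One <option> per publication row. The values come from the clip_admin table and are
// HTML-encoded on output so a quote, apostrophe or angle bracket in a stored value cannot
// break the attribute or the markup. double_encode is off so entities already stored in
// the table are not encoded a second time. A plain while loop prints nothing when the
// query returned no rows (the old do/while printed one empty option).
while ($row_pubs) {
?>
<option value="<?php echo htmlspecialchars((string) $row_pubs['value'], ENT_QUOTES, 'ISO-8859-1', false); ?>"><?php echo htmlspecialchars((string) $row_pubs['label'], ENT_QUOTES, 'ISO-8859-1', false); ?></option>
<?php
    $row_pubs = mysql_fetch_assoc($pubs);
}
// Rewind the result set so it can be read again.
$rows = mysql_num_rows($pubs);
if ($rows > 0) {
    mysql_data_seek($pubs, 0);
    $row_pubs = mysql_fetch_assoc($pubs);
}
?>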
</select>
or Other:
<input name="source_other" type="text" id="source_other"></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz">Headline:</td>
<td valign="top" class="editz"><input name="headline" type="text" id="headline" size="50"></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz">Blurb:</td>
<td valign="top" class="editz"><textarea name="blurb" type="text" cols="45" rows="4" id="blurb"></textarea></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz">Story Category: </td>
<td valign="top" class="editz"><p>
<select name="category">
<option value="Uncategorized">Please select a category from the list...</option>
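<?php
// One <option> per story-category row. The values come from the clip_admin table and are
// HTML-encoded on output so a quote, apostrophe or angle bracket in a stored value cannot
// break the attribute or the markup. double_encode is off so entities already stored in
// the table are not encoded a second time. A plain while loop prints nothing when the
// query returned no rows (the old do/while printed one empty option).
while ($row_types) {
?>
<option value="<?php echo htmlspecialchars((string) $row_types['value'], ENT_QUOTES, 'ISO-8859-1', false); ?>"><?php echo htmlspecialchars((string) $row_types['label'], ENT_QUOTES, 'ISO-8859-1', false); ?></option>
<?php
    $row_types = mysql_fetch_assoc($types);
}
// Rewind the result set so it can be read again.
$rows = mysql_num_rows($types);
if ($rows > 0) {
    mysql_data_seek($types, 0);
    $row_types = mysql_fetch_assoc($types);
}
?>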
</select>
</p>
<p>Editorial:
<input name="editorial" type="checkbox" id="editorial" value="1">
</p>
<p>Photo:
<input name="photo" type="checkbox" id="photo" value="1">
</p>
<p>Frontpage:
<input name="frontpage" type="checkbox" id="frontpage" value="1">
</p></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz">Mention Category: </td>
<td valign="top" class="editz"><select name="mention" id="mention">
<option value="0">No Mentions</option>
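<?php
// One <option> per mention-category row. The values come from the clip_admin table and
// are HTML-encoded on output so a quote, apostrophe or angle bracket in a stored value
// cannot break the attribute or the markup. double_encode is off so entities already
// stored in the table are not encoded a second time. A plain while loop prints nothing
// when the query returned no rows (the old do/while printed one empty option).
while ($row_mention_types) {
?>
<option value="<?php echo htmlspecialchars((string) $row_mention_types['value'], ENT_QUOTES, 'ISO-8859-1', false); ?>"><?php echo htmlspecialchars((string) $row_mention_types['label'], ENT_QUOTES, 'ISO-8859-1', false); ?></option>
<?php
    $row_mention_types = mysql_fetch_assoc($mention_types);
}
// Rewind the result set so it can be read again.
$rows = mysql_num_rows($mention_types);
if ($rows > 0) {
    mysql_data_seek($mention_types, 0);
    $row_mention_types = mysql_fetch_assoc($mention_types);
}
?>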
</select></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz">List as a Top Story? </td>
<td valign="top" class="editz"><select name="htype" id="htype">
<option value="0">No</option>
<option value="1">Yes</option>
</select>
<span class="form_ex"> (Limit 5 per day) </span>Position in Section: <span class="form_ex">
<input name="position" type="text" id="position" value="99" size="3" maxlength="3">
</span></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz">Staff only?</td>
<td valign="top" class="editz"><input type="checkbox" name="staffonly" id="staffonly" value="1">
Checking this box will exclude this story from the Senator's clips.</td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"><input type="submit" name="Submit" value="Submit"></td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
<tr>
<td> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
<td valign="top" class="editz"> </td>
</tr>
</table></td>
</tr>
<tr>
<td><img src="../images/images/add_clip_04.gif" width="617" height="24">
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1">
</form>