For some reason, when I try to approve or deny a submission, it doesn't happen. Example: a user-submitted ad. Approve | Deny. You click the "Approve" button or the "Deny" button, it takes you back to the staff panel, and the submission is still there, still in the submit database instead of the ads database. (I run a directory ad site.)
<?php
$Page_Name = "Pending Submissions";
include("/home/idirecto/public_html/includes/global.php");
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<title><?=SiteName;?> - Staff Panel - <?=PageName;?></title>
<link rel="stylesheet" href="css/layout.css" type="text/css" media="screen" />
<!--[if lt IE 9]>
<link rel="stylesheet" href="css/ie.css" type="text/css" media="screen" />
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<?php
include("./includes/javascript.php");
?>
</head>
<body>
<?php
if($logged_in && preg_match("/group(1)([^\d]|$)/", $user_info['group'])) {
include("./includes/header.php");
include("./includes/sidebar.php");
?>
<section id="main" class="column">
<?php
$connection = mysql_connect($DBhost, $DBuser, $DBpass) or die(mysql_error());
mysql_select_db($DBname, $connection) or die(mysql_error());
$id = $_POST['id'];
$image = htmlentities($_POST['image']);
$url = htmlentities($_POST['url']);
$title = htmlentities($_POST['title']);
$desc = htmlentities($_POST['desc']);
$category = htmlentities($_POST['category']);
$user = htmlentities($_POST['user']);
$approve = isset($_POST['approve']);
$deny = isset($_POST['deny']);
$send_submit = isset($_POST['edit_submit']);
$EmailFroms = "From: iDirectory <submit@idirectoryads.com>";
$EmailTo = Trim(stripslashes($_POST['email']));
$Subject = "iDirectory Submission";
$validationOK=true;
if (Trim($EmailTo)=="") $validationOK=false;
if($deny){
if (!$validationOK) {
echo "<h4 class=\"alert_error\">An error occurred: The email address could not be validated.</h4>";
include("./includes/submission_pending.php");
} else {
$Body = "Thank you for submitting your website to iDirectory. \n \n The site : $_POST[title] ($_POST[url]) \n has been denied submission. \n \n The reason your submission was denied could be that \n it contained content that does not pass our TOU. For more \n information please visit out support forum. \n http://www.support.idirectoryads.com \n \n Regards, \n iDirectory Staff \n --------------------------------------------------------- \n You received this as a result of submitting, a website \n into our database. We will not reveal or share your personal \n information without your permission.";
$success = mail($EmailTo, $Subject, $Body, $EmailFroms);
$rt1 = mysql_query("DELETE FROM submit WHERE id= '".$id."'");
if ($success && $rt1){
echo "<h4 class=\"alert_success\">The submission has been denied.</h4>";
include("./includes/submission_pending.php");
} else {
echo "<h4 class=\"alert_error\">An error occurred: The submission could not be denied.</h4>";
include("./includes/submission_pending.php");
}
}
} else if($approve && $_POST['status'] == 'Edited'){
if (!$validationOK) {
echo "<h4 class=\"alert_error\">An error occurred: The email address could not be validated.</h4>";
include("./includes/submission_pending.php");
} else {
$Body = "Thank you for submitting your website to iDirectory. \n \n Your requested updates to the site : $_POST[title] ($_POST[url]) \n has been approved. \n \n We thank you for your service. If you have any comments \n or questions feel free to visit our support forum. \n http://www.support.idirectoryads.com \n \n Regards, \n
iDirectory Staff \n --------------------------------------------------------- \n You received this as a result of updating information you \n have submitting into our database. We will not reveal \n or share your personal information without your permission.";
$success = mail($EmailTo, $Subject, $Body, $EmailFroms);
$update_submission = mysql_query("UPDATE ads SET title='".$title."', image='".$image."', url='".$url."', `desc`='".$desc."', category='".$category."' WHERE id='".$id."'") or die(mysql_error());
$rt1 = mysql_query("INSERT INTO ads WHERE id= '".$id."'");
if($success && $update_submission && $rt1)
{
echo "<h4 class=\"alert_success\">The submission has been approved.</h4>";
include("./includes/submission_pending.php");
} else {
echo "<h4 class=\"alert_error\">An error occurred: The submission couldn't be approved.</h4>";
include("./includes/submission_pending.php");
}
}
} else if($approve && $_POST['status'] == 'New'){
if (!$validationOK) {
echo "<h4 class=\"alert_error\">An error occurred: The email address could not be validated.</h4>";
include("./includes/submission_pending.php");
} else {
$Body = "Thank you for submitting your website to iDirectory. \n \n The site : $_POST[title] ($_POST[url]) \n has been approved. \n \n We thank you for your service. If you have any comments \n or questions feel free to visit our support forum. \n http://www.support.idirectoryads.com \n \n Regards, \n
iDirectory Staff \n --------------------------------------------------------- \n You received this as a result of submitting, a website \n into our database. We will not reveal or share your personal \n information without your permission.";
$success = mail($EmailTo, $Subject, $Body, $EmailFroms);
$insert_submission = mysql_query("INSERT INTO ads (title, image, url, `desc`, category, user) VALUES ('".$title."', '".$image."', '".$url."', '".$desc."', '".$category."', '".$user."')");
$rt1 = mysql_query("DELETE FROM submit WHERE id = '".$id."'");
if ($success && $insert_submission && $rt1){
echo "<h4 class=\"alert_success\">The submission has been approved.</h4>";
include("./includes/submission_pending.php");
} else {
echo "<h4 class=\"alert_error\">An error occurred: The submission couldn't be approved.</h4>";
include("./includes/submission_pending.php");
}
}
} else {
include("./includes/submission_pending.php");
}
echo "</section>";
mysql_close($connection);
} else {
include("./includes/login.php");
}
?>
</body>
</html>
The header needs to stay the same, because it is the API for the remotely hosted forum.

Question: if I have already updated to MySQLi, does the rest of the code in each of my pages have to be updated too?

I have been working on this for hours, reading the documentation and changing the code, but I still get either a blank page or exactly what the code above does.

If you need more code, let me know!

Thanks.
Answer 0 (score: 0)

htmlspecialchars isn't even close to proper SQL escaping. Updating all of your pages isn't a bad idea, because mysql_query is bad news if you forget to do the right thing. The good news is that as long as you have a new database framework to move to, you can clean things up one file at a time.

What you might do is pick something more modern, like PDO, and gradually remove the old mysql_query code. As long as each page has its own connection, as it does here, you'll be fine.

Going forward you'll want proper connection pooling to avoid the huge connection cost on every page load. This is something PDO does out of the box.

When you do a full overhaul of the application, use a metric like git grep mysql_query to gauge how much work you have to do.

If you don't have a version control system or a test server, you will need to set those up before you start overhauling the application. Changing this kind of thing isn't always as easy as we'd like, so being able to revert mistakes and test the application is critical. A tool like Vagrant makes it very easy to get a runtime that closely resembles production.
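Added example, not code from the question or the answer: the approve and deny branches of the staff page rewritten on top of PDO prepared statements, the direction the answer recommends. The table and column names (submit, ads, id, title, image, url, desc, category, user) and the $DBhost/$DBname/$DBuser/$DBpass config variables are taken from the question's own queries; the function names are mine. The question's approve path glues $_POST values straight into the SQL text after htmlentities(), which encodes for HTML output, not for SQL, and in the "Edited" branch runs `INSERT INTO ads WHERE id = ...`, which is not valid SQL, so that branch's $rt1 can never be true. The version below keeps the SQL text fixed, passes every value as a parameter, re-reads the pending row from the database by its id instead of trusting the posted fields, and wraps the copy-then-delete in a transaction so a submission can never end up in both tables or in neither.

```php
<?php
// Added example (not from the question or the answer): approve/deny with PDO.
// Assumes global.php (from the question) defines $DBhost, $DBname, $DBuser, $DBpass.

function connectDb(string $host, string $name, string $user, string $pass): PDO
{
    $dsn = "mysql:host=$host;dbname=$name;charset=utf8mb4";
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw instead of returning false
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Vulnerable pattern from the question: the id is concatenated into the SQL text,
// so any quote character in the posted value changes the statement itself.
//   mysql_query("DELETE FROM submit WHERE id= '".$id."'");
// Hardened equivalent: the statement is fixed, the value travels as a parameter.

// Copy the pending row into ads and remove it from submit, atomically.
function approveSubmission(PDO $db, int $id): bool
{
    $db->beginTransaction();
    try {
        // Re-read the row by key; the posted title/url/etc. are never trusted for storage.
        $sel = $db->prepare('SELECT title, image, url, `desc`, category, user
                             FROM submit WHERE id = :id FOR UPDATE');
        $sel->execute([':id' => $id]);
        $row = $sel->fetch();
        if ($row === false) {
            $db->rollBack();
            return false; // nothing pending under that id
        }

        $ins = $db->prepare('INSERT INTO ads (title, image, url, `desc`, category, user)
                             VALUES (:title, :image, :url, :desc, :category, :user)');
        $ins->execute([
            ':title'    => $row['title'],
            ':image'    => $row['image'],
            ':url'      => $row['url'],
            ':desc'     => $row['desc'],
            ':category' => $row['category'],
            ':user'     => $row['user'],
        ]);

        $del = $db->prepare('DELETE FROM submit WHERE id = :id');
        $del->execute([':id' => $id]);

        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();                 // neither table is left half-changed
        error_log('approve failed: ' . $e->getMessage());
        return false;
    }
}

// Remove a pending submission and notify the submitter.
function denySubmission(PDO $db, int $id, string $email, string $body, string $headers): bool
{
    // Validate the address properly instead of only checking for an empty string.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $del = $db->prepare('DELETE FROM submit WHERE id = :id');
    $del->execute([':id' => $id]);
    if ($del->rowCount() !== 1) {
        return false; // no such pending submission
    }
    return mail($email, 'iDirectory Submission', $body, $headers);
}

// Usage inside the staff page, replacing the mysql_* block from the question.
// htmlentities()/htmlspecialchars() belong at output time, when a value is echoed
// into HTML, not at storage time.
$db = connectDb($DBhost, $DBname, $DBuser, $DBpass);
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT); // null if absent, false if not an int
if (is_int($id) && isset($_POST['approve'])) {
    $ok = approveSubmission($db, $id);
} elseif (is_int($id) && isset($_POST['deny'])) {
    $ok = denySubmission($db, $id, (string)($_POST['email'] ?? ''),
                         "Your submission has been denied.", "From: iDirectory <submit@idirectoryads.com>");
}
```

Because ATTR_ERRMODE is set to exceptions, a failed query surfaces as a PDOException with the server's message rather than silently returning false, which is what makes the question's "nothing happens" symptom visible during the migration; the transaction around the copy and the delete is what guarantees the submission moves from submit to ads as one step.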