是否存在一个常见问题,如果文本中的文本多于单个句子,则会导致我的textarea破坏更新查询?
当我只输入一个句子时,更新查询运行正常,但是除了句子之外的任何内容都会破坏查询。
以下是表单代码:
<form id="cp_files_admin_form" method="post" enctype="multipart/form-data">
<label>File Manager Login Text</label>
<input id="login_text" type="text" name="login_text" value="File Manager Login">
<hr>
<label>File Manager Login Logo</label>
<input id="login_logo" type="file" name="login_logo">
<hr>
<label>Main Left Logo</label>
<input id="main_left_logo" type="file" name="main_left_logo">
<hr>
<img class="form-img" src="" alt="">
<label>Main Center Logo</label>
<input id="main_center_logo" type="file" name="main_center_logo">
<hr>
<label>File Manager Instructions Text</label>
<textarea id="instructions_text" name="instructions_text" style="width:630px;height:150px;"></textarea>
<input id="submit" type="submit" value="Submit">
</form>
这是jQuery代码:
$(document).ready(function() {
// Update CMS
$(document).on('click', '#submit', function() { // catch the form's submit event
// Send data to server through the ajax call
// action is functionality we want to call and outputJSON is our data
// fetch the data for the form
var data = $('#cp_files_admin_form').serialize();
console.log('Form Data Before Sent: '+data);
$.ajax({
url: 'update.php',
data: data,
type: 'GET',
async: 'true',
dataType: 'json',
success: function (result) {
if(result.status) {
alert('CMS Update Successful!');
getCMS();
} else {
alert('CMS Update unsuccessful!');
}
},
error: function (request,error) {
// This callback function will trigger on unsuccessful action
alert('Network error has occurred please try again!');
}
});
return false; // cancel original event to prevent form submitting
});
});
这是update.php代码:
<?php
header("Access-Control-Allow-Origin: *");
require_once("debug/chromephp.php");
$formData = $_GET;
ChromePhp::log('$_GET Data: '.$formData['instructions_text']);
require_once("config.php");
$login_text = $formData['login_text'];
//$login_logo = $formData['login_logo'];
//$main_left_logo = $formData['main_left_logo'];
//$main_center_logo = $formData['main_center_logo'];
$instructions_text = $formData['instructions_text'];
$sql="UPDATE cp_cms SET login_text='$login_text', instructions_text='$instructions_text' WHERE id = 1";
$result = mysql_query($sql);
if($result) {
// Success
$output = array('status' => true, 'massage' => 'Success!');
echo json_encode($output);
} else {
// Failed
$output = array('status' => false, 'massage' => 'Failed!');
echo json_encode($output);
}
?>
表格结构截图:
非常感谢任何帮助。
答案 0 :(得分:1)
试试这个,它可以防止表单中的条目破坏你的SQL查询。这也称为SQL注入攻击...
$sql="UPDATE cp_cms SET login_text='".
mysql_real_escape_string($login_text)."', instructions_text='".
mysql_real_escape_string($instructions_text)."' WHERE id = 1";
但是请看看PDO它是如此安全和容易......
编辑:我挖了一些PDO示例: http://www.phpeveryday.com/articles/PDO-Prepared-Statement-P552.html