检索$ _GET会出现意外T_VARIABLE错误,期待','或';'

时间:2014-07-03 04:28:04

标签: php http-get

我正在为网站制作图片上传器,第一页允许用户输入他要上传的图片的标题和说明。然后将其发送到另一个页面,该页面将数据插入数据库,然后转发到允许用户上传图像的页面。我在数据库插入部分出错了。

当我加载addTitleDescDB.php时出现以下错误

  

解析错误:语法错误,意外T_VARIABLE,期待','或';'在第10行的../admin/imageupload/addTitleDescDB.php

表格:

<div id="upload-wrapper">
    <div align="center">
        <h3>Description</h3>
        <form action="addTitleDescDB.php" method="get" id="MyUploadForm">
            <label for="title">Titre:</label>
            <input type="text" name="title" id="title">
            <br><br>
            <label for="desc">Description:</label><br>
            <textarea name="desc" id="desc" cols=40 rows=6></textarea>
            <br><br>
            <input type="submit"  id="submit-btn" value="Envoyer" />
        </form>
    </div>
</div>

addTitleDescDB.php 

<?php
  require_once ($_SERVER['DOCUMENT_ROOT'].'/includes/mysql_connect.php'); // Connect to the database.   
  include ($_SERVER['DOCUMENT_ROOT'].'/includes/sanitize.php');

  $_GET = sanitize($_GET); // Sanitize input
  $title = $_GET['title'];
  $desc = $_GET['desc'];

  if(mysql_query("INSERT INTO galerie (title, description) VALUES ($title, $desc)")) {
    $id = mysql_insert_id();
    echo "<script type=\"text/javascript\">window.location.href = '../admin/imageupload/imageupload.php?id=".$id."';</script>";
  }
  else
    echo "<script type=\"text/javascript\">window.location.href = '../admin/imageupload/index.php?error=SQL';</script>";
?>

sanitize.php 

<?php
  function cleanInput($input) {
    $search = array(
      '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
      '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
      '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
      '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
  );

  $output = preg_replace($search, '', $input);
  return $output;
  }
?>

<?php
  function sanitize($input) {
    if (is_array($input)) {
      foreach($input as $var=>$val) {
        $output[$var] = sanitize($val);
      }
    }
    else {
      if (get_magic_quotes_gpc()) {
        $input = stripslashes($input);
      }
      $input  = cleanInput($input);
      $output = mysql_real_escape_string($input);
    }
    return $output;
  }
?>

2 个答案:

答案 0 :(得分:1)

在你的addTitleDescDB.php中试试这个:

<?php
  require_once ($_SERVER['DOCUMENT_ROOT'].'/includes/mysql_connect.php'); // Connect to the database.   
  include ($_SERVER['DOCUMENT_ROOT'].'/includes/sanitize.php');

  $_GET = sanitize($_GET); // Sanitize input
  $title = $_GET['title'];
  $desc = $_GET['desc'];

  if(mysql_query("INSERT INTO galerie (title, description) VALUES ('".$title."','".$desc."')")) {
    $id = mysql_insert_id();
    echo "<script type=\"text/javascript\">window.location.href = '../admin/imageupload/imageupload.php?id=".$id."';</script>";
  }
  else
    echo "<script type=\"text/javascript\">window.location.href = '../admin/imageupload/index.php?error=SQL';</script>";
?>

答案 1 :(得分:0)

应引用您的查询变量,并为您的脚本提供正确的引用

尝试改变

if(mysql_query("INSERT INTO galerie (title, description) VALUES ('$title', '$desc')")) {
    $id = mysql_insert_id();
    echo "<script type='text/javascript'>window.location.href = '../admin/imageupload/imageupload.php?id=$id';</script>";
  }
  else
    echo "<script type='text/javascript'>window.location.href = '../admin/imageupload/index.php?error=SQL';</script>";
相关问题
最新问题