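About 3 days ago I visited my website, and we ran into a problem that I can't understand. My website is www.bookling.co, and when users try to edit their profile there are 10 fields: business name, name, specialty, about me, email, website, Facebook, Twitter, pintrest and Google Plus. I have 114 registered users, and for a few of them the About Me section does not get inserted into the database. It works for me every time, but for some of my users it does not. I have tried it in multiple browsers and on different computers and it always works for me; I even created multiple profiles and it still works. I need help figuring out why it works for some people and not for others. Here is the code for the input fields: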
<?php
header('Location: userprofile.php');
define('QUADODO_IN_SYSTEM', true);
require_once('includes/header.php');
include_once('includes/mysqli_connection.php');
$qls->Security->check_auth_page('members.php');
//
$business_name=$_POST['business_name'];
$name=$_POST['name'];
$about_me=$_POST['about_me'];
$specialty=$_POST['specialty'];
$email=$_POST['email'];
$website=$_POST['website'];
$facebook=$_POST['facebook'];
$twitter=$_POST['twitter'];
$pintrest=$_POST['pintrest'];
$googleplus=$_POST['googleplus'];
// Insert data into mysql
$id=$qls->user_info['id'];
$sql="UPDATE qls3_users SET business_name='$business_name', name='$name', about_me='$about_me', specialty='$specialty', email='$email', website='$website', facebook='$facebook', twitter='$twitter', pintrest='$pintrest', googleplus='$googleplus' WHERE id='$id'";
$result=mysqli_query($db_conx,$sql);
?>
<?php
// close connection
mysqli_close($db_conx);
?>
<!-- Edit Profile Modal -->
<!-- Button trigger modal -->
<button class="btn btn-default" data-toggle="modal" data-target="#myModal">Edit Profile</button>
<?php include_once( 'modals/profile_img.php');?>
<!--Edit Profile Modal -->
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h4 class="modal-title" id="myModalLabel">Edit Profile</h4>
</div>
<div class="modal-body">
<form action="edit_profile.php" method="post" enctype="multipart/form-data" name="eprofile" onsubmit="return checkRequired2();">
<input type="text" class="form-control" id="exampleInputEmail1" name="business_name" placeholder="Business Name" value="<?php echo $qls->user_info['business_name'];?>">
<br>
<input type="text" class="form-control" id="exampleInputEmail1" name="name" placeholder="Name" value="<?php echo $qls->user_info['name'];?>">
<br>
<textarea class="form-control" name="about_me" rows="3" maxlength="535" lengthcut="true" placeholder="About Me"><?php echo $qls->user_info['about_me'];?></textarea>
<br>
<input type="text" class="form-control" id="exampleInputEmail" placeholder="My Specialties" name="specialty" value="<?php echo $qls->user_info['specialty'];?>">
<br>
<input type="email" class="form-control" id="exampleInputEmail" placeholder="Email" name="email" value="<?php echo $qls->user_info['email'];?>">
<br>
<input type="text" class="form-control" id="exampleInputEmail" placeholder="Website" name="website" value="<?= $qls->user_info['website'];?>">
<br>
<input type="text" class="form-control" id="exampleInputEmail" name="facebook" placeholder="Facebook Link" value="<?php echo $qls->user_info['facebook'];?>">
<br>
<input type="text" class="form-control" id="exampleInputEmail" name="twitter" placeholder="Twitter Link" value="<?php echo $qls->user_info['twitter'];?>">
<br>
<input type="text" class="form-control" id="exampleInputEmail" name="pintrest" placeholder="Pintrest Link" value="<?php echo $qls->user_info['pintrest'];?>">
<br>
<input type="text" class="form-control" id="exampleInputEmail" name="googleplus" placeholder="Google+ Link" value="<?php echo $qls->user_info['googleplus'];?>">
<br>
<div class="note">*Potential clients will be able to view your profile, make sure to use as much information as possible to gain their interests.</div>
<br>
<br>
<input type="submit" name="submit" class="btn btn-primary" value="submit">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</form>
<script type="text/javascript" language="javascript" src="/assets/js/charcount.js"></script>
</div>
</div>
</div>
</div>
Answer 0 (score: 0)
Try the following:
$business_name = $db_conx->real_escape_string($_POST['business_name']);
$name = $db_conx->real_escape_string($_POST['name']);
$about_me = $db_conx->real_escape_string(htmlentities($_POST['about_me'], ENT_QUOTES));
$specialty = $db_conx->real_escape_string($_POST['specialty']);
$email = $db_conx->real_escape_string($_POST['email']);
$website = $db_conx->real_escape_string($_POST['website']);
$facebook = $db_conx->real_escape_string($_POST['facebook']);
$twitter = $db_conx->real_escape_string($_POST['twitter']);
$pintrest = $db_conx->real_escape_string($_POST['pintrest']);
$googleplus = $db_conx->real_escape_string($_POST['googleplus']);
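An added example, not code from the question or the answer: it shows how an About Me text that contains an apostrophe breaks the concatenated UPDATE, while a prepared statement stores the same text unchanged. It assumes PHP with the pdo_sqlite extension; the in-memory SQLite database, the reduced two-column table and the sample submissions are constructed, and the function names are hypothetical.

```php
<?php
// Added example: an in-memory SQLite database (via PDO) stands in for the
// page's MySQL connection so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE qls3_users (id INTEGER PRIMARY KEY, name TEXT, about_me TEXT)');
$db->exec("INSERT INTO qls3_users (id, name, about_me) VALUES (1, '', '')");

// Constructed form submissions: the second one contains an apostrophe.
$submissions = [
    ['name' => 'Ann', 'about_me' => 'Wedding photographer'],
    ['name' => 'Bob', 'about_me' => "I'm a photographer"],
];

// The question's approach: values are pasted straight into the SQL text.
function update_concatenated(PDO $db, int $id, array $post): bool
{
    $sql = "UPDATE qls3_users SET name='{$post['name']}', "
         . "about_me='{$post['about_me']}' WHERE id='$id'";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        // Reached when a value changes the SQL syntax, e.g. an apostrophe
        // that closes the quoted string early.
        return false;
    }
}

// Prepared statement: values are sent separately from the SQL text.
function update_prepared(PDO $db, int $id, array $post): bool
{
    $stmt = $db->prepare('UPDATE qls3_users SET name = ?, about_me = ? WHERE id = ?');
    return $stmt->execute([$post['name'], $post['about_me'], $id]);
}

foreach ($submissions as $post) {
    printf("%-22s concatenated=%s prepared=%s\n",
        $post['about_me'],
        var_export(update_concatenated($db, 1, $post), true),
        var_export(update_prepared($db, 1, $post), true));
}
// Read back what the prepared statement stored.
echo $db->query('SELECT about_me FROM qls3_users WHERE id = 1')->fetchColumn(), "\n";
```

With the page's mysqli connection the same pattern is `$db_conx->prepare()` followed by `bind_param()` and `execute()`; checking the return value of each call makes a failed update visible instead of silent.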