我正在尝试将记录发布到数据库中我修改网站后几天前工作正常,但是工作不正常。
当我尝试回应内容时,我得到了一切正常。即使我尝试插入没有textarea内容的记录,那么只有当我尝试插入包含内容的记录时才能完美运行我的意思是$ post_content然后我在查询中出错了。
如果我使用mysql_real_escape_string()
,我已经插入了记录但是没有textarea内容,它是空白的,我使用nl2br()
来逃避换行,但此时没有任何工作完全失败,并且相同的代码是在我的本地计算机服务器上完美地工作,找不到真正的问题所在。
我认为文本编辑器导致问题,我现在使用niceEdit,我也尝试使用tinyMce但从不工作。有人可以帮帮我吗?
<!DOCTYPE html>
<html>
<head>
<title> Insert New Post</title>
<script src="http://js.nicedit.com/nicEdit-latest.js" type="text/javascript"></script>
<script type="text/javascript">bkLib.onDomLoaded(nicEditors.allTextAreas);</script>
<style>
input[type="text"]{
width:90%;
height: 30px;
}
select{
height: 30px;
}
table{
width:100%;
}
label{
font-weight:300;font-size:1.5em;text-align: right;
}
textarea{
width: 90%;
}
</style>
</style>
</head>
<!-- BEGIN BODY -->
<body>
<?php include('config.php'); ?>
<?php
ob_start();
if($_SERVER["REQUEST_METHOD"] == "POST"){
$post_title=$_POST['post_title'];
$post_author=$_POST['post_author'];
//$post_date=date("l jS \of F Y h:i:s A");
//$post_date=date("l jS \of F Y");
$post_catagory=$_POST['post_catagory'];
$post_image=$_FILES['post_image']['name'];
$post_image_tmp=$_FILES['post_image']['tmp_name'];
$post_keyword=$_POST['post_keyword'];
$post_page=$_POST['post_page'];
$post_content=mysql_real_escape_string($_POST['post_content']);
// $post_content= nl2br($post_content);
if($post_author==''){
echo "<script>alert('You must fill all blank fields'); window.location('insert_post.php');</script>";
exit();
}
else{
move_uploaded_file($post_image_tmp,"../../images/$post_image");
$sql="insert into post (page_id,post_title,post_author,post_image,post_keywords,post_catagory,post_content) values ('$post_page','$post_title','$post_author','$post_image','$post_keyword','$post_catagory','$post_content')";
$result=mysqli_query($bd,$sql) or die("Error occured:in query".mysql_error());
if(!$result){
echo"<h2 style=\"color:red;position:absolute;top:0;left:400px;\">Your post wasnt posted something is worng</h2>";
exit();
}else{
echo"<h2><script>alert('Your Post has been published successfully!')</script>";
echo"<script>window.open('insert_post.php','_self')</script>";
}
}
}
?>
<!-- MAIN WRAPPER -->
<div id="wrap" >
<?php
//echo $post_author;
// echo $post_title;
// echo $post_page;
// echo $post_keyword;
// echo $post_content;
// echo $post_image;
?>
<!-- MENU SECTION -->
<!--END MENU SECTION -->
<!--PAGE CONTENT -->
<?php //include('include/content.php'); ?>
<div class="row">
<div class="col-lg-12">
<div id="post_form">
<table>
<form action="" method="post" enctype="multipart/form-data" id="post_form">
<tr>
<td><label>Post Title</label></td>
<td><input class="form-control" type="text" name="post_title"></td>
</tr>
<tr>
<td><label>Post Author</label></td>
<td><input class="form-control" type="text" name="post_author"></td>
</tr>
<tr>
<td> <label>Post Catagory</label></td>
<td><select class="form-control" name="post_catagory">
<?php
$sql="select * from catagory";
$result=mysqli_query($bd,$sql) or die("Error:".mysql_error());
while($row=mysqli_fetch_array($result)){
?>
<option value="<?php echo $row['name'] ?>"><?php echo $row['name'];?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td><label>Post keywords</label></td>
<td><input type="text" name="post_keyword" placeholder="Enter text"></td>
</tr>
<tr>
<td><label>Post Image</label></td>
<td><input type="file" name="post_image"/></td>
</tr>
<tr>
<td><label>Select Page</label></td>
<td><select class="form-control" name="post_page">
<?php
$sql="select * from menu";
$result=mysqli_query($bd,$sql) or die("error".mysql_error());
while($row=mysqli_fetch_array($result)){
?>
<option value="<?php echo $row['id'];?>"><?php echo $row['name'];?></option>
<?php
}
?>
</select></td>
</tr>
<tr>
<td><label>Post Contents</label></td>
<td><textarea id="area1" name="post_content" rows="10"></textarea></td>
</tr>
<tr>
<td>Action Key</td>
<td><button type="submit" class="btn btn-default" name="submit" onclick="nicEditors.findEditor('area1').saveContent();">Publish Now</button><button type="reset" class="btn btn-default">Reset Button</button></td>
<td></td>
</tr>
</form>
</table>
</div>
</div>
</div>
<!--END PAGE CONTENT -->
<!-- RIGHT STRIP SECTION -->
<?php //include('include/right.php'); ?>
<!-- END RIGHT STRIP SECTION -->
</div>
</body>
</html>
<!--END MAIN WRAPPER -->
<!-- FOOTER -->
答案 0 :(得分:0)
只需使用mysql_real_escape_string()
即可插入所有值。
答案 1 :(得分:0)
您混淆了mysql
和mysqli
。当您致电mysqli_query
时,您必须阻止使用mysqli_
功能的数据。
$post_content = mysqli_real_escape_string(nl2br($_POST['post_content']));
// ^
您应该对数据库的所有字符串输入使用mysql_real_escape_string
,而不仅仅是content
。
答案 2 :(得分:0)
string mysqli_real_escape_string(mysqli $ link,string $ escapestr)
您必须添加连接链接作为mysqli_real_escape_string()的第一个参数
$post_content = mysqli_real_escape_string($bd, nl2br($_POST['post_content']));
再次
mysqli_query($bd,$sql) or die("Error occured:in query".mysql_error());
^
而不是
mysql_error()
使用
mysqli_error($bd)