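I created a PHP form to send data to a MySQL database. But when I write in any language other than English, it gives an error. For example, if I write a title like "Fusilladeàl'entréeduisègedela NSA", it does not get posted to the database. Any symbol or ' in the text causes a problem. When I write text without any symbols or without any "'", it works perfectly. My code is below.
HTML form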
<?php
session_start();
include_once('common/session.php');
include_once('header.php');
include_once('postpack.php'); //submit_post.php
?>
<div align="center">
<?PHP
if($_REQUEST['warning'])
{
echo "<span class='alert alert-success'>A Warning Alert</span>";
}
if($_REQUEST['error'])
{
echo "<h4 class='alert_error'>An Error Occured during uploading. Try later...</h4>";
}
if($_REQUEST['success'])
{
echo "<span class='alert alert-success'><strong>Your Post successfully Submitted. It will be published after Admin's Approval.</strong></span><br>";
}
?>
</div>
<div class="clearall"></div>
<div class="row-fluid sortable">
<div class="box span12">
<div class="box-header well" data-original-title>
<h2><i class="icon16 icon-edit"></i> Publier Un Article</h2>
<div class="box-icon">
<a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
</div>
</div>
<div class="box-content">
<form action="" method="post" name="form1" enctype="multipart/form-data">
<fieldset>
<legend>News Post</legend>
<table border="0" width="700" style="padding-left:20px;margin-left:40px;">
<tr><td>
<div class="control-group" >
<label class="control-label" for="typeahead">Titre Du Post</label></td>
<tD> <div class="controls">
<input type="text" name="p_title" class="span6 typeahead" id="typeahead" >
</div>
</div></td>
</tr>
<tr><td>
<div class="control-group">
<label class="control-label" for="fileInput">Ajouter une Image</label></td>
<td> <div class="controls">
<input name="file" class="input-file uniform_on" id="fileInput" type="file">
</div>
</div> <br> </td></tr>
<tr><td>
<div class="control-group">
<label class="control-label" for="textarea2">Contenu Du Post</label></td>
<td><div class="controls">
<textarea name="editor1" class="cleditor" id="textarea2" rows="3"></textarea>
</div><br></td></tr>
<tr><td>
<div class="control-group">
<label class="control-label">Post Category</label></td>
<td><div class="controls">
<select name="p_category">
<option value="US News">Cultures</option>
<option value="France News">Economiques</option>
<option value="World News">Santés</option>
<option value="Haiti News">Politiques</option>
<option value="Sports News">Sports</option>
<option value="Entertainment News">Mondiales</option>
<option value="Health News">Educations</option>
</select>
</div>
</div></td></tr>
<tr><td>
<div class="control-group">
<label class="control-label">Tags</label></td>
<td><div class="controls">
<input type="text" name="p_tag" class="span6 typeahead" id="typeahead" >
</div>
</div></td></tr>
<tr><td>
<div class="control-group">
<label class="control-label">Source de l'articles</label></td>
<td><div class="controls">
<input type="text" name="source" placeholder="http://..." class="span6 typeahead" id="typeahead" >
</div>
</div></td></tr>
</table>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary">Publier Le Post</button>
<button type="reset" class="btn">Annuler</button>
</div>
</fieldset>
</form>
</div>
</div><!--/span-->
</div><!--/row-->
</div><!--/row-->
</div><!--/row-->
<?php include('footer.php'); ?>
The Postpack.php file is as follows.
<?PHP
include_once 'common/conn.php';
error_reporting(0);
$u_id = $_SESSION['u_id'];
if(isset($_REQUEST["p_title"]) && isset($_REQUEST["editor1"]))
{
try
{
$p_title = $_REQUEST["p_title"];
$sorc = $_REQUEST['source'];
$p_content = $_REQUEST["editor1"];
$p_category = $_REQUEST['p_category'];
$p_tag = $_REQUEST['p_tag'];
$dat = date( "Y-m-d" );
if($_FILES["file"]["error"]>0)
{
echo "<script>alert('File Uploading Error');
</script>";
}
else
{
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "image/png")))
{
if($_FILES["file"]["size"]>500000000000)
{
echo "<script>location.href='?error=1'</script>";
}
else
{
$qry_max_id = "SELECT MAX(p_id) as p_id FROM xo_posts";
$ex_qry = mysql_query($qry_max_id);
while ($row = mysql_fetch_array($ex_qry))
{
$max_p_id = $row['p_id'];
}
$file_name = $_FILES["file"]["name"];
$ext = date( "Y-m-d" );
$ext.="img_".$max_p_id."_".$u_id."_";
$file_name = $ext.$_FILES["file"]["name"];
move_uploaded_file($_FILES["file"]["tmp_name"], "../uploads/".$ext . $_FILES["file"]["name"]);
}
}
else
{
echo "<script>alert('File Uploading Error');
</script>";
}
}
$qry_insert = "INSERT INTO xo_posts SET u_id=$u_id, p_title='$p_title', p_image='$file_name', source='$sorc', p_content='$p_content', p_category='$p_category', p_tag='$p_tag', p_c_date='$dat'";
if(mysql_query($qry_insert))
{
echo "<script>location.href='?success=1'</script>";
}
else
{
echo "<script>location.href='?error=1'</script>";
}
}
catch (Exception $ex)
{
echo 'Caught exception: ', $ex->getMessage(), "\n";
}
}
else
{
//echo "<script>location.href='post_add.php?error_login=2'</script>";
}
?>
MySQL table SQL file.
CREATE TABLE IF NOT EXISTS `xo_posts` (
`p_id` int(11) NOT NULL AUTO_INCREMENT,
`u_id` int(11) NOT NULL,
`p_title` mediumtext CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`webtitle` tinytext CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`p_image` varchar(1000) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`p_content` longtext CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`p_category` varchar(20) NOT NULL,
`p_tag` varchar(500) NOT NULL,
`p_c_date` date NOT NULL,
`p_e_date` datetime NOT NULL,
`p_approved` int(11) NOT NULL,
`addlink` varchar(10000) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`source` varchar(200) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`stdate` date NOT NULL,
`expdate` date NOT NULL,
`flag1` varchar(100) NOT NULL,
`payment` int(11) NOT NULL,
PRIMARY KEY (`p_id`),
UNIQUE KEY `p_id` (`p_id`),
UNIQUE KEY `p_id_2` (`p_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=165 ;
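The problem is only with text submission. Should anything be changed in the database? Please help me solve this. Thanks.
Answer 0 (score: 0)
In your case, you have to use mysql_real_escape_string
documentation here.
Example: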
$p_title = mysql_real_escape_string($_REQUEST["p_title"]);
Warning: This extension is deprecated as of PHP 5.5.0 and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.
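
The PDO route mentioned in the warning above, sketched as an added example (not code from the question or the answer): the insert from Postpack.php rewritten with bound parameters, so a title containing ' and accented characters is stored as data. The in-memory SQLite database, the trimmed-down schema, the function names and the sample values are assumptions made so the example runs without a server.

```php
<?php
// Added example: parameterized insert for the xo_posts table using PDO.
// Uses an in-memory SQLite database (constructed, trimmed-down schema) so it
// runs without a server. For MySQL only the DSN changes, e.g.
// 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4' (HOST/DBNAME are placeholders).

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE xo_posts (
        p_id INTEGER PRIMARY KEY AUTOINCREMENT, u_id INTEGER NOT NULL,
        p_title TEXT NOT NULL, p_image TEXT NOT NULL, source TEXT NOT NULL,
        p_content TEXT NOT NULL, p_category TEXT NOT NULL, p_tag TEXT NOT NULL,
        p_c_date TEXT NOT NULL)');
    return $pdo;
}

// Values are bound as parameters, so quotes and accented characters are
// sent as data and never become part of the SQL text.
function insert_post(PDO $pdo, int $uId, array $post, string $fileName): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO xo_posts
            (u_id, p_title, p_image, source, p_content, p_category, p_tag, p_c_date)
         VALUES
            (:u_id, :p_title, :p_image, :source, :p_content, :p_category, :p_tag, :p_c_date)'
    );
    $stmt->execute([
        ':u_id'       => $uId,
        ':p_title'    => $post['p_title'],
        ':p_image'    => $fileName,
        ':source'     => $post['source'],
        ':p_content'  => $post['editor1'],
        ':p_category' => $post['p_category'],
        ':p_tag'      => $post['p_tag'],
        ':p_c_date'   => date('Y-m-d'),
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for the submitted form fields.
$post = [
    'p_title' => "Fusillade à l'entrée du siège", 'source' => 'http://example.com/',
    'editor1' => "Texte d'essai", 'p_category' => 'World News', 'p_tag' => 'test',
];
$pdo = open_demo_db();
$id = insert_post($pdo, 1, $post, 'placeholder.jpg');
$check = $pdo->prepare('SELECT p_title FROM xo_posts WHERE p_id = ?');
$check->execute([$id]);
var_dump($check->fetchColumn() === $post['p_title']); // compares stored title with input
```

With MySQL, setting the charset in the DSN makes the connection encoding explicit, so the driver and the server agree on how the bound strings are encoded.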