PHP和MySQL数据插入错误

时间:2015-04-03 14:43:25

标签: php mysql

我创建了一个PHP表单来将数据发送到MySQL数据库。但是当我写任何其他语言而不是英语然后它给出错误。 喜欢如果我写这样的标题“Fusilladeàl'entréeduisègedela NSA”它不会发布到数据库。任何符号或'在文本中都会产生问题。当我在没有任何符号的情况下写文本或没有任何“'”时,它就完美无缺。我的代码是这些。

HTML表单

<?php 
session_start();
include_once('common/session.php');
include_once('header.php');
include_once('postpack.php'); //submit_post.php
?>



            <div align="center">
            <?PHP
                  if($_REQUEST['warning'])
                  {
                      echo "<span class='alert alert-success'>A Warning Alert</span>";
                  }
                  if($_REQUEST['error'])
                  {
                      echo "<h4 class='alert_error'>An Error Occured during uploading. Try later...</span>";
                  }
                  if($_REQUEST['success'])
                  {
                      echo "<span class='alert alert-success'><strong>Your Post successfully Submitted. It will be published after Admin's Approval.</strong></span><br>";
                  }
                ?>
                </div>
                            <div class="clearall"></div>

                            <div class="row-fluid sortable">
                <div class="box span12">
                    <div class="box-header well" data-original-title>
                        <h2><i class="icon16 icon-edit"></i>&nbsp;Publier Un Article</h2>
                        <div class="box-icon">
                            <a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
                        </div>
                    </div>



                    <div class="box-content">
                    <form action="" method="post" name="form1" enctype="multipart/form-data">

                          <fieldset>
                            <legend>News Post</legend>
                            <table border="0" width="700" style="padding-left:20px;margin-left:40px;">
                            <tr><td>
                            <div class="control-group" >
                              <label class="control-label" for="typeahead">Titre Du Post</label></td>
                             <tD> <div class="controls">
                            <input type="text" name="p_title" class="span6 typeahead" id="typeahead" >
                            </div>
                            </div></td>
                            </tr>

<tr><td>
                            <div class="control-group">
                              <label class="control-label" for="fileInput">Ajouter une Image</label></td>
                             <td> <div class="controls">
                                <input name="file" class="input-file uniform_on" id="fileInput" type="file">
                              </div>
                            </div> <br> </td></tr>
<tr><td>                            
                            <div class="control-group">
                              <label class="control-label" for="textarea2">Contenu Du Post</label></td>
                              <td><div class="controls">
                                <textarea name="editor1" class="cleditor" id="textarea2" rows="3"></textarea>
                              </div><br></td></tr>
<tr><td>
                              <div class="control-group">
                                <label class="control-label">Post Category</label></td>
                                <td><div class="controls">
                                  <select name="p_category">
                                    <option value="US News">Cultures</option>
                                    <option value="France News">Economiques</option>
                                    <option value="World News">Santés</option>
                                    <option value="Haiti News">Politiques</option>
                                    <option value="Sports News">Sports</option>
                                    <option value="Entertainment News">Mondiales</option>
                                    <option value="Health News">Educations</option>
                                  </select>
                                </div>
                            </div></td></tr>

<tr><td>            
                                <div class="control-group">
                                <label class="control-label">Tags</label></td>
                                <td><div class="controls">
                                  <input type="text" name="p_tag" class="span6 typeahead" id="typeahead" >
                                </div>
                              </div></td></tr>

                              <tr><td>          
                                <div class="control-group">
                                <label class="control-label">Source de l'articles</label></td>
                                <td><div class="controls">
                                  <input type="text" name="source" placeholder="http://..." class="span6 typeahead" id="typeahead" >
                                </div>
                              </div></td></tr>

                              </table>



                            </div>
                            <div class="form-actions">
                              <button type="submit" class="btn btn-primary">Publier Le Post</button>
                              <button type="reset" class="btn">Annuler</button>
                            </div>
                          </fieldset>
                        </form>   

                    </div>
                </div><!--/span-->

            </div><!--/row-->

            </div><!--/row-->


            </div><!--/row-->

<?php include('footer.php'); ?>

Postpack.php文件如下。

<?PHP
include_once 'common/conn.php';
error_reporting(0);
$u_id = $_SESSION['u_id'];

if(isset($_REQUEST["p_title"]) && isset($_REQUEST["editor1"]))
{
    try
    {
    $p_title = $_REQUEST["p_title"];
    $sorc = $_REQUEST['source'];
    $p_content = $_REQUEST["editor1"];
    $p_category = $_REQUEST['p_category'];
    $p_tag = $_REQUEST['p_tag'];
        $dat = date( "Y-m-d" );

        if($_FILES["file"]["error"]>0)
    {
       echo "<script>alert('File Uploading Error');

             </script>"; 
    }
    else
    {
       $allowedExts = array("gif", "jpeg", "jpg", "png");
           $temp = explode(".", $_FILES["file"]["name"]);
           $extension = end($temp);
       if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "image/png")))
       {
                if($_FILES["file"]["size"]>500000000000)
                {
                    echo "<script>location.href='?error=1'</script>";

                }
                else
                {                    

                 $qry_max_id = "SELECT MAX(p_id) as p_id FROM xo_posts";
                 $ex_qry = mysql_query($qry_max_id);
                 while ($row = mysql_fetch_array($ex_qry)) 
                 {
                    $max_p_id = $row['p_id'];    
                 }
             $file_name = $_FILES["file"]["name"];
          $ext = date( "Y-m-d" );
          $ext.="img_".$max_p_id."_".$u_id."_";
          $file_name = $ext.$_FILES["file"]["name"];
          move_uploaded_file($_FILES["file"]["tmp_name"], "../uploads/".$ext . $_FILES["file"]["name"]);
                }
       }
       else
       {
          echo "<script>alert('File Uploading Error');

             </script>"; 
       }

    }






    $qry_insert = "INSERT INTO xo_posts SET u_id=$u_id, p_title='$p_title', p_image='$file_name', source='$sorc', p_content='$p_content', p_category='$p_category', p_tag='$p_tag', p_c_date='$dat'";
    if(mysql_query($qry_insert))
        {
            echo "<script>location.href='?success=1'</script>";
        }
        else 
        {
            echo "<script>location.href='?error=1'</script>";
        }
    }
    catch (Exception $ex)
    {
       echo 'Caught exception: ',  $ex->getMessage(), "\n";
    }

}
else
{
    //echo "<script>location.href='post_add.php?error_login=2'</script>";
}

?>

MySQL表SQL文件。

CREATE TABLE IF NOT EXISTS `xo_posts` (
  `p_id` int(11) NOT NULL AUTO_INCREMENT,
  `u_id` int(11) NOT NULL,
  `p_title` mediumtext CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
  `webtitle` tinytext CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
  `p_image` varchar(1000) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
  `p_content` longtext CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
  `p_category` varchar(20) NOT NULL,
  `p_tag` varchar(500) NOT NULL,
  `p_c_date` date NOT NULL,
  `p_e_date` datetime NOT NULL,
  `p_approved` int(11) NOT NULL,
  `addlink` varchar(10000) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
  `source` varchar(200) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
  `stdate` date NOT NULL,
  `expdate` date NOT NULL,
  `flag1` varchar(100) NOT NULL,
  `payment` int(11) NOT NULL,
  PRIMARY KEY (`p_id`),
  UNIQUE KEY `p_id` (`p_id`),
  UNIQUE KEY `p_id_2` (`p_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=165 ;

问题仅在文本提交中。是否应该更改数据库中的任何东西。 请帮我解决一下。谢谢。

1 个答案:

答案 0 :(得分:0)

在您的情况下,您必须使用mysql_real_escape_string documentation here

示例:

$p_title = mysql_real_escape_string($_REQUEST["p_title"]);

警告:自PHP 5.5.0起,此扩展程序已弃用,将来将被删除。相反,应该使用MySQLi或PDO_MySQL扩展。