我使用php将数据插入mysql它的工作部分是插入所有内容但不是单引号(')ex。原则的信息。当我插入它像原则的消息。它插入数据库但它只在插入后在文本框中显示原则。我的文件是save.php就在这里。
<?php session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['user'])) {
if($_GET['catId'] == '' || $_GET['catId'] == null)
header('location:../user/logout.php');
$inc = -1;
if($_POST['title'] == '' || $_POST['title'] == null) {
$inc++;$_SESSION['error'][$inc] = "TITLE IS REQUIRED";
}
$selectImg=mysql_query("SELECT pri_img FROM aboutus_tbl WHERE id=4");
if ($_GET['catId']==4) {
if($_FILES["file"]["name"]) {
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 5242880)
&& in_array($extension, $allowedExts))
$imageNewName = md5(date("l, F d, Y h:i" ,time()) . (microtime())) . "." . $extension;
else {
$inc++;$_SESSION['error'][$inc] = "IVALID IMAGE";
}
}
else {
$inc++;$_SESSION['error'][$inc] = "IMAGE IS REQUIRED";
}
}
function inputValues() {
$_SESSION['values']['title'] = $_POST['title'];
$_SESSION['values']['sub_title1'] = $_POST['sub_title1'];
$_SESSION['values']['desc1'] = $_POST['desc1'];
$_SESSION['values']['sub_title2'] = $_POST['sub_title2'];
$_SESSION['values']['desc2'] = $_POST['desc2'];
$_SESSION['values']['sub_title3'] = $_POST['sub_title3'];
$_SESSION['values']['desc3'] = $_POST['desc3'];
header("location:../../views/aboutus_content/list.php?catId=".$_GET['catId']);
}
if($inc > -1)
inputValues();
else {
require_once('../../includes/connect.php');
if($_GET['catId']==4 && isset($_FILES["file"]["name"])) {
$update="UPDATE aboutus_tbl SET title='".$_POST['title']."',sub_title1='".$_POST['sub_title1']."',desc1='".$_POST['desc1']."',sub_title2='".$_POST['sub_title2']."',desc2='".$_POST['desc2']."',sub_title3='".$_POST['sub_title3']."',desc3='".$_POST['desc3']."',pri_img='".$imageNewName."' WHERE id='".$_GET['catId']."'";
}
else{
$update="UPDATE aboutus_tbl SET title='".$_POST['title']."',sub_title1='".$_POST['sub_title1']."',desc1='".$_POST['desc1']."',sub_title2='".$_POST['sub_title2']."',desc2='".$_POST['desc2']."',sub_title3='".$_POST['sub_title3']."',desc3='".$_POST['desc3']."' WHERE id='".$_GET['catId']."'";
}
if(mysql_query($update)) {
if($_GET['catId']==4 && isset($_FILES["file"]["name"])) {
move_uploaded_file($_FILES["file"]["tmp_name"],"../../public/img/principal/".$imageNewName);
unlink("../../public/img/principal/".mysql_result($selectImg, 0, "pri_img"));
}
$_SESSION['message'] = $_POST['title']." SUCESSFULLY UPDATED";
header('location:../../views/aboutus_content/list.php?catId='.$_GET['catId']);
} else {
$_SESSION['error'] = "ERROR : '".mysql_error()."' CODE : ".mysql_errno();
inputValues();
}
}
} else
header('location:../user/logout.php')
?>
和设计文件在这里list.php
<?php
ob_start();
include '../../includes/header.php';
if(!isset($_GET['catId']) || $_GET['catId']=='')
header('location:../error');
$contactResult = mysql_query("SELECT * FROM aboutus_tbl WHERE id='".$_GET['catId']."'");
if(mysql_num_rows($contactResult) != 1)
header('location:../error');
else {
?>
<div class="mainbar">
<div class="page-head">
<div class="container">
<div class="row">
<div class="col-md-12 col-sm-12 col-xs-12">
<h2><i class="fa fa-desktop"></i> <?php echo mysql_result($contactResult, 0, "title");?> Content</h2>
</div>
<div class="clearfix"></div>
</div>
</div>
</div>
<div class="container">
<?php
if(isset($_SESSION['error'])) {
echo"<div class='alert alert-danger'>";
for($i=0;$i<sizeof($_SESSION['error']);$i++)
echo "<p><b>".$_SESSION['error'][$i]."</b></p>";
echo"</div>";
unset($_SESSION['error']);
}
if(isset($_SESSION['message'])) {
echo"<div class='alert alert-success'><p><b>".$_SESSION['message']."</b></p></div>";
unset($_SESSION['message']);
}
?>
<div class="hide alert alert-danger" id="errorContainer"></div>
<div class="row">
<div class="col-lg-12">
<form action="../../controllers/aboutus_content/save.php?catId=<?php echo $_GET['catId'];?>" method="post" class="contactForms" role="form" enctype="multipart/form-data">
<div class="col-lg-6">
<div class="form-group">
<label for="title"><span class="text-danger">* </span>Title</label>
<input name="title" id="title" data-validation-allowing="'" class="form-control" placeholder="Enter Title" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['title']; echo mysql_result($contactResult, 0, "title");?>" />
</div>
<div class="form-group">
<label for="sub_title1"><span class="text-danger">* </span>Sub Title 1</label>
<input name="sub_title1" id="sub_title1" data-validation-allowing="'" class="form-control" placeholder="Enter Sub Title 1" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['sub_title1']; else echo mysql_result($contactResult, 0, "sub_title1");?>" />
</div>
<div class="form-group">
<label for="desc1"><span class="text-danger">* </span>Description 1</label>
<textarea name="desc1" id="desc1" data-validation-allowing="'" class="form-control" placeholder="Enter Description 1"><?php if(isset($_SESSION['values'])) echo $_SESSION['values']['desc1']; else echo mysql_result($contactResult, 0, "desc1");?></textarea>
</div>
<div class="form-group">
<label for="sub_title2"><span class="text-danger">* </span>Sub Title 2</label>
<input name="sub_title2" id="sub_title2" data-validation-allowing="'" class="form-control" placeholder="Enter Sub Title 2" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['sub_title2']; else echo mysql_result($contactResult, 0, "sub_title2");?>" />
</div>
<div class="form-group">
<label for="desc2"><span class="text-danger">* </span>Description 2</label>
<textarea name="desc2" id="desc2" data-validation-allowing="'" class="form-control" placeholder="Enter Description 2"><?php if(isset($_SESSION['values'])) echo $_SESSION['values']['desc2']; else echo mysql_result($contactResult, 0, "desc2");?></textarea>
</div>
</div>
<div class="col-lg-6">
<div class="form-group">
<label for="sub_title3"><span class="text-danger">* </span>Sub Title 3</label>
<input name="sub_title3" id="sub_title3" data-validation-allowing="'" class="form-control" placeholder="Enter Sub Title 3" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['sub_title3']; else echo mysql_result($contactResult, 0, "sub_title3");?>" />
</div>
<div class="form-group">
<label for="desc3"><span class="text-danger">* </span>Description 3</label>
<textarea name="desc3" id="desc3" data-validation-allowing="'" class="form-control" placeholder="Enter Description 3"><?php if(isset($_SESSION['values'])) echo $_SESSION['values']['desc3']; else echo mysql_result($contactResult, 0, "desc3");?></textarea>
</div>
<div class="form-group">
<label for="pri_img"><span class="text-danger">* </span>Principle Image(Only For Principal's Message)</label>
<input type="file" name="file" id="file" class="form-control">
</div>
</div>
<div class="form-group text-center">
<input type="submit" class="btn btn-info" value="Save" />
<a href="list.php" class="btn btn-default">Reset</a>
</div>
</form>
</div>
</div>
</div>
</div>
<?php
}
?>
<script type="text/javascript">
window.onload = function() {
$(document).ready(function() {
$('.aboutus_content').addClass('current');
$('.aboutus_content').addClass('open');
$(".courImgItm<?php echo $_GET['catId']?>").addClass('active');
});
}
</script>
<?php
include '../../includes/footer.php';
if(isset($_SESSION['values']))
unset($_SESSION['values']);
ob_flush();
?>
请帮帮我。
答案 0 :(得分:1)
首先运行你的字符串:
mysql_real_escape_string($字符串);
它会为你解决它
答案 1 :(得分:0)
尝试使用这种方式 在你的SQL查询---
$m1=$_REQUEST['message'];
$msg='".str_replace("\"",""",str_replace("'","''",$m1))."';
希望这会有所帮助