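I have a forum script. By default, a user can only post after already opening the site, so that the parent is determined first.
For example: domain.com/new.php?parent=3
Here I tried to modify it to use a drop-down list. For example: Option 1 (value1) Option 2 (value2) Option 3 (value3)
I added $parent=$_POST['parent']; following the example of $title=$_POST['title'];
but it always fails.
Is there a solution?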
CODE:
<?php
//This page let users create new topics
include('config.php');
if(isset($_GET['parent']))
{
$id = intval($_GET['parent']);
if(isset($_SESSION['username']))
{
$dn1 = mysql_fetch_array(mysql_query('select count(c.id) as nb1, c.name from categories as c where c.id="'.$id.'"'));
if($dn1['nb1']>0)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New Topic - <?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?> - Forum</title>
<script type="text/javascript" src="functions.js"></script>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Forum" /></a>
</div>
<div class="content">
<?php
$nb_new_pm = mysql_fetch_array(mysql_query('select count(*) as nb_new_pm from pm where ((user1="'.$_SESSION['userid'].'" and user1read="no") or (user2="'.$_SESSION['userid'].'" and user2read="no")) and id2="1"'));
$nb_new_pm = $nb_new_pm['nb_new_pm'];
?>
<div class="box">
<div class="box_left">
<a href="<?php echo $url_home; ?>">Forum Index</a> > <a href="list_topics.php?parent=<?php echo $id; ?>"><?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?></a> > New Topic
</div>
<div class="box_right">
<a href="list_pm.php">Your messages(<?php echo $nb_new_pm; ?>)</a> - <a href="profile.php?id=<?php echo $_SESSION['userid']; ?>"><?php echo htmlentities($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?></a> (<a href="login.php">Logout</a>)
</div>
<div class="clean"></div>
</div>
<?php
if(isset($_POST['message'], $_POST['title']) and $_POST['message']!='' and $_POST['title']!='')
{
include('bbcode_function.php');
$title = $_POST['title'];
$message = $_POST['message'];
if(get_magic_quotes_gpc())
{
$title = stripslashes($title);
$message = stripslashes($message);
}
$title = mysql_real_escape_string($title);
$message = mysql_real_escape_string(bbcode_to_html($message));
if(mysql_query('insert into topics (parent, id, id2, title, message, authorid, timestamp, timestamp2) select "'.$id.'", ifnull(max(id), 0)+1, "1", "'.$title.'", "'.$message.'", "'.$_SESSION['userid'].'", "'.time().'", "'.time().'" from topics'))
{
?>
<div class="message">The topic have successfully been created.<br />
<a href="list_topics.php?parent=<?php echo $id; ?>">Go to the forum</a></div>
<?php
}
else
{
echo 'An error occurred while creating the topic.';
}
}
else
{
?>
<form action="new_topic.php?parent=<?php echo $id; ?>" method="post">
<label for="title">Title</label><input type="text" name="title" id="title" /><br />
<label for="message">Message</label><br />
<div class="message_buttons">
<input type="button" value="Bold" onclick="javascript:insert('[b]', '[/b]', 'message');" /><!--
--><input type="button" value="Italic" onclick="javascript:insert('[i]', '[/i]', 'message');" /><!--
--><input type="button" value="Underlined" onclick="javascript:insert('[u]', '[/u]', 'message');" /><!--
--><input type="button" value="Image" onclick="javascript:insert('[img]', '[/img]', 'message');" /><!--
--><input type="button" value="Link" onclick="javascript:insert('[url]', '[/url]', 'message');" /><!--
--><input type="button" value="Left" onclick="javascript:insert('[left]', '[/left]', 'message');" /><!--
--><input type="button" value="Center" onclick="javascript:insert('[center]', '[/center]', 'message');" /><!--
--><input type="button" value="Right" onclick="javascript:insert('[right]', '[/right]', 'message');" />
</div>
<textarea name="message" id="message" cols="70" rows="6"></textarea><br />
<input type="submit" value="Send" />
</form>
<?php
}
?>
</div>
<div class="foot"><a href="http://www.webestools.com/scripts_tutorials-code-source-26-simple-php-forum-script-php-forum-easy-simple-script-code-download-free-php-forum-mysql.html">Simple PHP Forum Script</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
<?php
}
else
{
echo '<h2>The category you want to add a topic doesn\'t exist.</h2>';
}
}
else
{
?>
<h2>You must be logged to access this page.</h2>
<div class="box_login">
<form action="login.php" method="post">
<label for="username">Username</label><input type="text" name="username" id="username" /><br />
<label for="password">Password</label><input type="password" name="password" id="password" /><br />
<label for="memorize">Remember</label><input type="checkbox" name="memorize" id="memorize" value="yes" />
<div class="center">
<input type="submit" value="Login" /> <input type="button" onclick="javascript:document.location='signup.php';" value="Sign Up" />
</div>
</form>
</div>
<?php
}
}
else
{
echo '<h2>The ID of the category you want to add a topic is not defined.</h2>';
}
?>
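Answer 0 (score: 0)
There is no input element with the name parent in the form.
Therefore, $_POST['parent'] will not be set. Verify this by dumping $_POST after submitting: var_dump($_POST).
You can reuse the $id variable, which contains that value.
As mentioned in the comments:
Make sure to sanitize all input values before using them in SQL queries to prevent SQL injection attacks!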
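As an added example (not part of the original question or answer, and not the forum script's own code): one way to accept the category from a drop-down submitted as `<select name="parent">` and insert the topic with PDO prepared statements instead of concatenated strings. The function name `create_topic`, the in-memory SQLite database and the sample rows are assumptions constructed for the illustration; table and column names follow the script above, and the BBCode conversion is left out.

```php
<?php
// Added example: read the category from a <select name="parent"> and insert
// the topic with bound parameters. create_topic() and the SQLite in-memory
// database are assumptions for this sketch, not part of the forum script.

function create_topic(PDO $db, array $post, int $userId): int
{
    // filter_var returns false for missing or non-numeric input.
    $parent  = filter_var($post['parent'] ?? null, FILTER_VALIDATE_INT);
    $title   = trim((string)($post['title'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));
    if ($parent === false || $title === '' || $message === '') {
        throw new InvalidArgumentException('parent, title and message are required');
    }

    // The drop-down value is client-controlled: confirm the category exists.
    $check = $db->prepare('SELECT COUNT(*) FROM categories WHERE id = ?');
    $check->execute([$parent]);
    if ((int)$check->fetchColumn() === 0) {
        throw new InvalidArgumentException('unknown category');
    }

    // Same insert-select as the original script, with placeholders for values.
    $now  = time();
    $stmt = $db->prepare(
        'INSERT INTO topics (parent, id, id2, title, message, authorid, timestamp, timestamp2)
         SELECT ?, IFNULL(MAX(id), 0) + 1, 1, ?, ?, ?, ?, ? FROM topics'
    );
    $stmt->execute([$parent, $title, $message, $userId, $now, $now]);
    return (int)$db->query('SELECT MAX(id) FROM topics')->fetchColumn();
}

// Constructed sample data so the sketch runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE topics (parent INT, id INT, id2 INT, title TEXT, message TEXT, authorid INT, timestamp INT, timestamp2 INT)');
$db->exec("INSERT INTO categories VALUES (1, 'General'), (2, 'Help'), (3, 'Off-topic')");

// A normal submission from the drop-down, including a quote in the title.
$posted = ['parent' => '3', 'title' => "It's a test", 'message' => 'Hello'];
echo 'Created topic ', create_topic($db, $posted, 42), "\n";

// A tampered drop-down value fails integer validation before any query runs.
try {
    create_topic($db, ['parent' => '3 OR 1=1', 'title' => 't', 'message' => 'm'], 42);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```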