我目前正在尝试创建一个类型的博客网站,但我在上传已创建的帖子版本时遇到问题。
我目前正在使用Bootstrap并且不知道这是否会影响我的代码,但php错误在表格的行中。
<?php
include("includes/connect.php");
if (isset($_GET['edit'])) {
$edit_id = $_GET['edit'];
$edit_query = "select * from posts where post_id='$edit_id'";
$run_edit = mysql_query($edit_query);
while ($edit_row=mysql_fetch_array($run_edit)) {
$post_id = $edit_row['post_id'];
$post_title = $edit_row['post_title'];
$post_author = $edit_row['post_author'];
$post_keywords = $edit_row['post_keywords'];
$post_image = $edit_row['post_image'];
$post_content = $edit_row['post_content'];
}
}
?>
<div class="col-md-10" id="content-area">
<div class="container">
<div class="row">
<h2>Edit Post</h2>
<form method="post" action="edit_post.php?edit_form=<?php echo $edit_id ?>" enctype="multipart/form-data">
<fieldset class="form-group">
<label for="title">Title</label>
<input type="text" name="title" class="form-control" id="title" placeholder="title" value="<?php echo $post_title; ?>">
</fieldset>
<fieldset class="form-group">
<label for="author">Author</label>
<input type="text" name="author" class="form-control" id="author" placeholder="author" value="<?php echo $post_author; ?>">
</fieldset>
<fieldset class="form-group">
<label for="keywords">Keywords</label>
<input type="text" name="keywords" class="form-control" id="keywords" placeholder="keywords" value="<?php echo $post_keywords; ?>">
</fieldset>
<fieldset class="form-group">
<label for="image">Image</label>
<input type="file" name="image" class="form-control" id="image" placeholder="image">
<img src="../images/<?php echo $post_image; ?>" width="100" height="100">
</fieldset>
<fieldset class="form-group">
<label for="content">Content</label>
<textarea name="content" cols="20" rows="20" class="form-control" id="content" placeholder="content"><?php echo $post_content; ?></textarea>
</fieldset>
<input class="btn btn-primary" type="submit" name="submit" value="Update Post"></input>
</form>
</div>
</div>
</div>
</body>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="../js/bootstrap.min.js"></script>
</html>
<?php
if (isset($_POST['update'])) {
$update_id = $_GET['edit_form'];
$post_title1 = $_POST['title'];
$post_date1 = date('m-d-y');
$post_author1 = $_POST['author'];
$post_keywords1 = $_POST['keywords'];
$post_content1 = $_POST['content'];
$post_image1 = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
if($post_title1=='' or $post_author1=='' or $post_keywords1=='' or $post_content1=='' or $post_image1=='') {
echo "<script>alert('Preencha todos os campos')</script>";
exit();
}
else {
move_uploaded_file($image_tmp, "../images/$post_image1");
$update_query = "update posts set post_title='$post_title1',post_date='$post_date1',post_author='$post_author1',post_image='$post_image1',post_keywords='$post_keywords1',post_content='$post_content1' where post_id='update_id'";
if (mysql_query($update_query)) {
echo "<script>alert('O seu post foi atualizado')</script>";
echo "<script>window.open('view_posts.php','_self')</script>";
}
}
}
?>
答案 0 :(得分:0)
首先,您应该阻止SQL注入。
更改此行:
$edit_id = $_GET['edit'];
对此:
$edit_id = (int)$_GET['edit'];
这样,php总是假设变量是int。
更新代码相同:
$update_id = $_GET['edit_form'];
要:
$update_id = (int)$_GET['edit_form'];
然后,你忘了把$ query放在SQL查询中,在update_id变量上作为PHP变量运行:
$update_query = (...) where post_id='$update_id'";