我显示的代码似乎停止在$ tid = mss上工作
这就是为什么我认为我在开始时称为mss的功能不起作用
当脚本在我的网站上运行时,它就像什么都没发生过一样,然后回到你正在查看的主题。对不起,简短的解释,我不知道发生了什么,所以我无话可说。如果您有任何疑问,请对此发表评论。
Reply.php
<?php
require('connect.php');
function mss($value) {
return mysqli_real_escape_string(trim(strip_tags($connect, $value)));
}
if(!$_POST['submit']) {
echo "Invalid usage of the file! Hmm, maybe you should try sql injection.";
} else {
$tid = mss ($_GET['id']);
$msg = mss ($_POST['reply']);
if(!$tid) {
echo "Hmm, I dont know how that you would reply to no topic but still expect it to work.";
} else {
$sql = "SELECT * FROM forum_topics WHERE id='".$tid."'";
$res = mysqli_query($connect, $sql) or die (mysqli_error());
if(mysqli_num_rows($res) == 0) {
echo "Wat r u doin m7, you tryin to rply to a topic that doesn't exist.";
} else {
$row = mysqli_fetch_assoc($res);
if(!$msg) {
echo "You did not give a reply.";
} else {
if(strlen($msg) < 5 || strlen($msg) > 10000) {
echo "<font color='red'>Your reply must be between 5 and 10000 characters!</font>";
} else {
$date = date("m-d-y") . " at " . date("h:i:s");
$time = time();
$sql3 = "INSERT INTO forum_replies (id, tid, uid, message, date, time) VALUES (default, '".$tid."','".$_SESSION['uid']."', '".$msg."', '".$date."', '".$time."')";
$res3 = mysqli_query($connect, $sql3) or die (mysqli_error());
header("Location: topics.php?id='.$tid'");
}
}
}
}
}
?>
编辑:更新代码
Connect.php
<?php
$host="localhost";//hostname
$username="********";//username
$password="********";//database password
$db_name="forum";//database name
$connect = mysqli_connect($host, $username, $password, $db_name) or die ("<font color='red'>Unable to connect to MySQL! Contact an admin.</font>");
?>
答案 0 :(得分:1)
函数mysqli_real_escape_string()需要将mysqli连接作为第一个参数传递。示例用法为mysqli_real_escape_string($db_link, $value),$db_link变量可能在您的connect.php文件中设置,并通过调用mysqli_connect()来设置。