我无法从CKEditor上传代码段。它们的格式很好,但是当上传到数据库时,它会将文本视为代码,并在点击“' $'变量。 这是CKEditor输出的代码片段
<pre>
<code class="language-php">
echo $hello
</code></pre>
<p> </p>
这是用于发布到数据库的内容
$date = date('Y-m-d') ."\n";
$now = time(); $utc_time = $now - intval(date('Z', $now));
$time = date('H:i:s', $now);
$name = $_POST['title'];
$subject = $_POST['subject'];
$forum_id = $_POST['forum_id'];
$post = $_POST['post'];
$user_id = $_SESSION['user']['user_id'];
$sql = "INSERT INTO threads (forum_id,user_id,name,post,time,date,subject) VALUES ('$forum_id','$user_id','$name','".$post."','$time','$date','$subject');";
错误是:
( ! ) Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'echo $hello' in /storage/www/fsociety/newthread.php on line 72
( ! ) PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'echo $hello' at line 1 in /storage/www/fsociety/newthread.php on line 72
答案 0 :(得分:1)
在保存之前,你应该像这样编码html
$post = mysql_real_escape_string($_POST['post']);