Error when saving a page. Custom-built CMS

Time: 2017-01-19 12:23:02

Tags: php sql database content-management-system mariadb

I have a custom PHP-based CMS. When I try to edit and then save any page, I get this error:

You have an error in your SQL syntax; check the manual that 
corresponds to your MariaDB server version for the right syntax 
to use near 'second hand PDF list' in the file named Events, 
viewable from the 'view file' bu' at line 5

I have checked almost everything, but I can't figure it out.

Below is the code of the page where I get this error.

    <?php
    session_start();
    include "../config.php";
    include("fckeditor.php");
    //$_SESSION['admin_user'] = $admin_username;
    $admin_user=$_SESSION['admin_user'];

    if (empty($admin_user))
    {
        header("Location: index.php?action=not_sign");
        exit; // stop here so the rest of the page never runs for a signed-out visitor
    }

    if (isset($_POST["mode"]))
    {
        if ($_POST["mode"] == "edit_cmspage")
        {
            $page_id = $_POST['page_id'];
            $page_title = $_POST['page_title'];
            $keywords = $_POST['keywords'];
            $page_desc = $_POST['page_desc'];
            $details = $_POST['details'];

            $sql = "SELECT * FROM page_info  where page_id='$page_id'";
            $res = dbquery($sql) or die(mysql_error());
            $no = mysql_num_rows($res);

            if ($no > 0 )
            {
                $add = "UPDATE `page_info` set 
                        `page_title` = '$page_title' ,
                        `page_keywords` = '$keywords',
                        `page_desc` = '$page_desc' ,
                        `page_content` = '$details' 
                        where page_id='$page_id'";
                $add_res = dbquery($add) or die(mysql_error());

                header("Location: cms_page.php?pg=$pg&action=update");
            }
            else
            {       
                $add = "INSERT INTO `page_info` ( `page_id` , `page_title`, `page_keywords`, `page_desc`, `page_content` ) VALUES ('$page_id', '$page_title', '$keywords', '$page_desc', '$details')";
                $add_res = dbquery($add) or die(mysql_error());

                header("Location: cms_page.php?pg=$pg&action=update");
            }
        }
    }


    if (isset($_GET['pg']))
    {   
        if ($_GET['pg'] == 'home')
        {
            $pageid = 1;
            $cms_page = 'Home Page';
        }
        if ($_GET['pg'] == 'railways')
        {
            $pageid = 2;
            $cms_page = 'Railways Page';
        }
        if ($_GET['pg'] == 'history')
        {
            $pageid = 3;
            $cms_page = 'History Page';
        }
        if ($_GET['pg'] == 'childrens')
        {
            $pageid = 4;
            $cms_page = 'Childrens Page';
        }
        if ($_GET['pg'] == 'contactus')
        {
            $pageid = 5;
            $cms_page = 'Contact Us Page';
        }
        if ($_GET['pg'] == 'others')
        {
            $pageid = 6;
            $cms_page = 'Others Page';
        }
        if ($_GET['pg'] == 'seconds')
        {
            $pageid = 7;
            $cms_page = 'Seconds Page';
        }
        if ($_GET['pg'] == 'arts')
        {
            $pageid = 8;
            $cms_page = 'Arts Page';
        }
        if ($_GET['pg'] == 'crafts')
        {
            $pageid = 9;
            $cms_page = 'Crafts Page';
        }
        if ($_GET['pg'] == 'terms')
        {
            $pageid = 10;
            $cms_page = 'Terms Page';
        }
        if ($_GET['pg'] == 'local')
        {
            $pageid = 11;
            $cms_page = 'Local History Page';
        }
        if ($_GET['pg'] == 'miscellaneous')
        {
            $pageid = 12;
            $cms_page = 'Miscellaneous Page';
        }
        if ($_GET['pg'] == 'list')
        {
            $pageid = 16;
            $cms_page = 'Second Hand PDF Book list';
        }

        $sql = "SELECT * FROM page_info where page_id='$pageid'";
        $res = dbquery($sql);
        $data = dbfetch($res);

        $page_title = $data['page_title'];
        $keywords = $data['page_keywords'];
        $page_desc = $data['page_desc'];                
        $details = $data['page_content'];

    }

    ?>
    <!DOCTYPE html>
    <html>
    <head>
        <title>Edit</title>
        <link href="../css/main.css" rel="stylesheet" type="text/css">
        <script language="JavaScript">

        function Trim(s) 
        {
           // Remove leading spaces and carriage returns
           while ((s.substring(0,1) == ' ') || (s.substring(0,1) == '\n') || (s.substring(0,1) == '\r'))
           { s = s.substring(1,s.length); }

           // Remove trailing spaces and carriage returns
           while ((s.substring(s.length-1,s.length) == ' ') || (s.substring(s.length-1,s.length) == '\n') || (s.substring(s.length-1,s.length) == '\r'))
           { s = s.substring(0,s.length-1); }

           return s;
        } 

        function check(fm)
        {
           // Compare the trimmed value, so whitespace-only input counts as blank
           var details = Trim(fm.details.value);
           if(details=="")
           {   
               alert("You can't left blank Description.");
               return false;
           }
           return true;
        }
        </script>
    </head>
    <body>
        <table align="center" border="0" cellpadding="0" cellspacing="0" width="900">
            <tr bgcolor="#FFFFFF">
                <td align="center"><? include('header.php'); ?>
                </td>
            </tr>
            <tr>
                <td align="center" bgcolor="#FFFFFF">
                    <table border="0" cellpadding="0" cellspacing="0" width="100%">
                        <tr>
                            <td align="left" bgcolor="#DD6100" valign="top" width="20%"><? include('menu_bar.php'); ?>
                            </td>
                            <td align="center" valign="top" width="80%">
                                <table border="0" cellpadding="0" cellspacing="0" width="100%">
                                    <tr>
                                        <td width="5%">&nbsp;</td>
                                        <td width="90%">&nbsp;</td>
                                        <td width="5%">&nbsp;</td>
                                    </tr>
                                    <tr>
                                        <td>&nbsp;</td>
                                        <td class="subheader">Edit Home Page</td>
                                        <td>&nbsp;</td>
                                    </tr>
                                    <tr>
                                        <td>&nbsp;</td>
                                        <td align="center" class="contents"><strong><font color="#0000FF"></font></strong></td>
                                        <td>&nbsp;</td>
                                    </tr>
                                    <tr>
                                        <td>&nbsp;</td>
                                        <td align="right" class="bold_back">&nbsp;</td>
                                        <td>&nbsp;</td>
                                    </tr>
                                    <tr>
                                        <td>&nbsp;</td>
                                        <td align="center" class="bold_back">
                                            <table bgcolor="#388A01" border="0" cellpadding="1" cellspacing="0" width="100%">
                                                <tr>
                                                    <td height="">
                                                        <table border="0" cellpadding="0" cellspacing="0" width="100%">
                                                            <tr>
                                                                <td align="center" bgcolor="#FFFFFF" valign="top">
                                                                    <table border="0" cellpadding="2" cellspacing="0" width="100%">
                                                                        <tbody>
                                                                            <tr>
                                                                                <td>
                                                                                    <form action="edit_cmspage.php" method="post" onsubmit="return check(this)">
                                                                                        <input name="mode" type="hidden" value="edit_cmspage"> <input name="page_id" type="hidden" value="<? echo $pageid; ?>"> <input name="pg" type="hidden" value="<? echo $_GET['pg']; ?>">
                                                                                        <table border="0" cellpadding="0" cellspacing="3" width="100%">
                                                                                            <tr>
                                                                                                <td class="contents" width="13%"><strong>Title</strong></td>
                                                                                                <td width="87%"><span class="admin_in"><input class="INPUT" name="page_title" size="70" type="text" value="<?php echo $page_title;?>"></span></td>
                                                                                            </tr>
                                                                                            <tr>
                                                                                                <td class="contents"><strong>Keywords</strong></td>
                                                                                                <td><span class="admin_in"><input class="INPUT" name="keywords" size="70" type="text" value="<?php echo $keywords; ?>"></span></td>
                                                                                            </tr>
                                                                                            <tr>
                                                                                                <td class="contents"><strong>Description</strong></td>
                                                                                                <td><span class="admin_in"><input class="INPUT" name="page_desc" size="70" type="text" value="<?php echo $page_desc; ?>"></span></td>
                                                                                            </tr>
                                                                                            <tr>
                                                                                                <td>&nbsp;</td>
                                                                                                <td height="25"><?php
                                                                                                                                            $oFCKeditor = new FCKeditor('details') ;
                                                                                                                                            $oFCKeditor->BasePath = "";
                                                                                                                                            //$oFCKeditor->BasePath = "../../../";
                                                                                                                                            $oFCKeditor->Value = $details;
                                                                                                                                            $oFCKeditor->Width  = '100%' ;
                                                                                                                                            $oFCKeditor->Height = '450' ;
                                                                                                                                            $oFCKeditor->Create() ;
                                                                                                                                        ?></td>
                                                                                            </tr>
                                                                                            <tr>
                                                                                                <td>&nbsp;</td>
                                                                                                <td height="25">&nbsp;</td>
                                                                                            </tr>
                                                                                            <tr>
                                                                                                <td>&nbsp;</td>
                                                                                                <td>
                                                                                                    <input name="imageField" src="images/btn_save.jpg" type="image"> <a href="cms_page.php?pg=<?= $_GET['pg']; ?>"><img alt="Cancel" border="0" height="25" src="images/btn_cancel.jpg" width="80"></a>
                                                                                                </td>
                                                                                            </tr>
                                                                                        </table>
                                                                                    </form>
                                                                                </td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table>
                                                                </td>
                                                            </tr>
                                                        </table>
                                                    </td>
                                                </tr>
                                            </table>
                                        </td>
                                        <td>&nbsp;</td>
                                    </tr>
                                    <tr>
                                        <td height="20">&nbsp;</td>
                                        <td>&nbsp;</td>
                                        <td>&nbsp;</td>
                                    </tr>
                                    <tr>
                                        <td>&nbsp;</td>
                                        <td>&nbsp;</td>
                                        <td>&nbsp;</td>
                                    </tr>
                                </table>
                            </td>
                        </tr>
                    </table>
                </td>
            </tr>
            <tr bgcolor="#FFFFFF">
                <td align="center"><? include('footer.php'); ?>
                </td>
            </tr>
        </table>
    </body>
    </html>

1 Answer:

Answer 0: (score: 0)

Let's see the SQL with the error; I bet you are putting $cms_page in there without any quotes or escaping.
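
The fragment quoted in the error message is page text containing apostrophes, reported at line 5 of the statement, which in the question's UPDATE is the `page_content` = '$details' line: the first apostrophe in the saved content ends the string literal early, the same flaw that makes the query open to SQL injection. The following is an added example, not code from the question or the answer, that reproduces the failure and then saves the same text through bound parameters; it assumes PDO with the pdo_sqlite driver so it runs offline, and the sample content is constructed.

```php
<?php
// Added example, not the asker's code. Assumes PDO with the pdo_sqlite driver
// so it runs offline; against MariaDB only the DSN changes
// (e.g. 'mysql:host=...;dbname=...;charset=utf8mb4').
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE page_info (
    page_id INTEGER PRIMARY KEY,
    page_title TEXT, page_keywords TEXT, page_desc TEXT, page_content TEXT)');

// Saves a page with bound parameters: values never become part of the SQL text.
function save_page(PDO $pdo, int $id, string $title, string $kw, string $desc, string $body): void
{
    $exists = $pdo->prepare('SELECT 1 FROM page_info WHERE page_id = ?');
    $exists->execute([$id]);
    $sql = $exists->fetchColumn()
        ? 'UPDATE page_info SET page_title = :t, page_keywords = :k,
               page_desc = :d, page_content = :c WHERE page_id = :id'
        : 'INSERT INTO page_info (page_id, page_title, page_keywords, page_desc, page_content)
               VALUES (:id, :t, :k, :d, :c)';
    $pdo->prepare($sql)->execute(
        [':id' => $id, ':t' => $title, ':k' => $kw, ':d' => $desc, ':c' => $body]);
}

// Constructed sample input, modelled on the fragment quoted in the error message.
$details = "See the 'second hand PDF list' in the file named Events, "
         . "viewable from the 'view file' button.";

// What the question's code sends: the first apostrophe in $details closes the
// string literal, and the rest is parsed as SQL (the syntax error, and SQL injection).
$concatenated = "UPDATE page_info SET page_content = '$details' WHERE page_id = '16'";
try {
    $pdo->exec($concatenated);
    echo "concatenated: ok\n";
} catch (PDOException $e) {
    echo "concatenated: ", $e->getMessage(), "\n";
}

// Same text through placeholders: first call inserts, second call updates.
save_page($pdo, 16, 'Second Hand PDF Book list', 'books', 'PDF list', $details);
save_page($pdo, 16, 'Second Hand PDF Book list', 'books', 'PDF list', $details . ' Updated.');

$row = $pdo->query('SELECT page_content FROM page_info WHERE page_id = 16')->fetch(PDO::FETCH_ASSOC);
echo "stored: ", $row['page_content'], "\n";
```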