I have a custom PHP-based CMS. When I try to edit and then save any page, I get this error:
You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax
to use near 'second hand PDF list' in the file named Events,
viewable from the 'view file' bu' at line 5
I have checked almost everything but can't figure it out.
Below is the code of the page where I get this error.
<?php
session_start();
include "../config.php";
include("fckeditor.php");
//$_SESSION['admin_user'] = $admin_username;
$admin_user=$_SESSION['admin_user'];
if (empty($admin_user))
{
header("Location: index.php?action=not_sign");
}
if (isset($_POST["mode"]))
{
if ($_POST["mode"] == "edit_cmspage")
{
$page_id = $_POST['page_id'];
$page_title = $_POST['page_title'];
$keywords = $_POST['keywords'];
$page_desc = $_POST['page_desc'];
$details = $_POST['details'];
$sql = "SELECT * FROM page_info where page_id='$page_id'";
$res = dbquery($sql) or die(mysql_error());
$no = mysql_num_rows($res);
if ($no > 0 )
{
$add = "UPDATE `page_info` set
`page_title` = '$page_title' ,
`page_keywords` = '$keywords',
`page_desc` = '$page_desc' ,
`page_content` = '$details'
where page_id='$page_id'";
$add_res = dbquery($add) or die(mysql_error());
header("Location: cms_page.php?pg=$pg&action=update");
}
else
{
$add = "INSERT INTO `page_info` ( `page_id` , `page_title`, `page_keywords`, `page_desc`, `page_content` ) VALUES ('$page_id', '$page_title', '$keywords', '$page_desc', '$details')";
$add_res = dbquery($add) or die(mysql_error());
header("Location: cms_page.php?pg=$pg&action=update");
}
}
}
if (isset($_GET['pg']))
{
if ($_GET['pg'] == 'home')
{
$pageid = 1;
$cms_page = 'Home Page';
}
if ($_GET['pg'] == 'railways')
{
$pageid = 2;
$cms_page = 'Railways Page';
}
if ($_GET['pg'] == 'history')
{
$pageid = 3;
$cms_page = 'History Page';
}
if ($_GET['pg'] == 'childrens')
{
$pageid = 4;
$cms_page = 'Childrens Page';
}
if ($_GET['pg'] == 'contactus')
{
$pageid = 5;
$cms_page = 'Contact Us Page';
}
if ($_GET['pg'] == 'others')
{
$pageid = 6;
$cms_page = 'Others Page';
}
if ($_GET['pg'] == 'seconds')
{
$pageid = 7;
$cms_page = 'Seconds Page';
}
if ($_GET['pg'] == 'arts')
{
$pageid = 8;
$cms_page = 'Arts Page';
}
if ($_GET['pg'] == 'crafts')
{
$pageid = 9;
$cms_page = 'Crafts Page';
}
if ($_GET['pg'] == 'terms')
{
$pageid = 10;
$cms_page = 'Terms Page';
}
if ($_GET['pg'] == 'local')
{
$pageid = 11;
$cms_page = 'Local History Page';
}
if ($_GET['pg'] == 'miscellaneous')
{
$pageid = 12;
$cms_page = 'Miscellaneous Page';
}
if ($_GET['pg'] == 'list')
{
$pageid = 16;
$cms_page = 'Second Hand PDF Book list';
}
$sql = "SELECT * FROM page_info where page_id='$pageid'";
$res = dbquery($sql);
$data = dbfetch($res);
$page_title = $data['page_title'];
$keywords = $data['page_keywords'];
$page_desc = $data['page_desc'];
$details = $data['page_content'];
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Edit</title>
<link href="../css/main.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
function Trim(s)
{
// Remove leading spaces and carriage returns
while ((s.substring(0,1) == ' ') || (s.substring(0,1) == '\n') || (s.substring(0,1) == '\r'))
{ s = s.substring(1,s.length); }
// Remove trailing spaces and carriage returns
while ((s.substring(s.length-1,s.length) == ' ') || (s.substring(s.length-1,s.length) == '\n') || (s.substring(s.length-1,s.length) == '\r'))
{ s = s.substring(0,s.length-1); }
return s;
}
function check(fm)
{
details = Trim(fm.details.value)
if(fm.details.value=="")
{
alert("You can't left blank Description.");
return false;
}
return true;
}
</script>
</head>
<body>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="900">
<tr bgcolor="#FFFFFF">
<td align="center"><? include('header.php'); ?>
</td>
</tr>
<tr>
<td align="center" bgcolor="#FFFFFF">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td align="left" bgcolor="#DD6100" valign="top" width="20%"><? include('menu_bar.php'); ?>
</td>
<td align="center" valign="top" width="80%">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="5%"> </td>
<td width="90%"> </td>
<td width="5%"> </td>
</tr>
<tr>
<td> </td>
<td class="subheader">Edit Home Page</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="center" class="contents"><strong><font color="#0000FF"></font></strong></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="right" class="bold_back"> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="center" class="bold_back">
<table bgcolor="#388A01" border="0" cellpadding="1" cellspacing="0" width="100%">
<tr>
<td height="">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td align="center" bgcolor="#FFFFFF" valign="top">
<table border="0" cellpadding="2" cellspacing="0" width="100%">
<tbody>
<tr>
<td>
<form action="edit_cmspage.php" method="post" onsubmit="return check(this)">
<input name="mode" type="hidden" value="edit_cmspage"> <input name="page_id" type="hidden" value="<? echo $pageid; ?>"> <input name="pg" type="hidden" value="<? echo $_GET['pg']; ?>">
<table border="0" cellpadding="0" cellspacing="3" width="100%">
<tr>
<td class="contents" width="13%"><strong>Title</strong></td>
<td width="87%"><span class="admin_in"><input class="INPUT" name="page_title" size="70" type="text" value="<?php echo $page_title;?>"></span></td>
</tr>
<tr>
<td class="contents"><strong>Keywords</strong></td>
<td><span class="admin_in"><input class="INPUT" name="keywords" size="70" type="text" value="<?php echo $keywords; ?>"></span></td>
</tr>
<tr>
<td class="contents"><strong>Description</strong></td>
<td><span class="admin_in"><input class="INPUT" name="page_desc" size="70" type="text" value="<?php echo $page_desc; ?>"></span></td>
</tr>
<tr>
<td> </td>
<td height="25"><?php
$oFCKeditor = new FCKeditor('details') ;
$oFCKeditor->BasePath = "";
//$oFCKeditor->BasePath = "../../../";
$oFCKeditor->Value = $details;
$oFCKeditor->Width = '100%' ;
$oFCKeditor->Height = '450' ;
$oFCKeditor->Create() ;
?></td>
</tr>
<tr>
<td> </td>
<td height="25"> </td>
</tr>
<tr>
<td> </td>
<td>
<input name="imageField" src="images/btn_save.jpg" type="image"> <a href="cms_page.php?pg=<?= $_GET['pg']; ?>"><img alt="Cancel" border="0" height="25" src="images/btn_cancel.jpg" width="80"></a>
</td>
</tr>
</table>
</form>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
<td> </td>
</tr>
<tr>
<td height="20"> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr bgcolor="#FFFFFF">
<td align="center"><? include('footer.php'); ?>
</td>
</tr>
</table>
</body>
</html>
Answer 0 (score: 0)
Let's look at the SQL that has the error; I bet you put $cms_page in there without any quotes or escaping.
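
The escaping problem discussed above, as an added example that is not part of the original question or answer: the error text quoted in the question contains single quotes, and the page pastes `$_POST` values straight into the `UPDATE` string. The sketch below reproduces that failure and then saves the same input with a prepared statement. Assumptions: PDO with an in-memory SQLite database stands in for the MariaDB connection behind the page's `dbquery()` helper, the form input is constructed sample data, and the function names `save_concatenated` and `save_prepared` are hypothetical.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO replaces the MariaDB
// connection hidden behind dbquery(); table and column names are the page's.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE page_info (
    page_id INTEGER PRIMARY KEY, page_title TEXT, page_keywords TEXT,
    page_desc TEXT, page_content TEXT)");
$pdo->exec("INSERT INTO page_info VALUES (16, 'old', 'old', 'old', 'old')");

// Constructed form input: editor HTML that contains single quotes.
$post = [
    'page_id'    => '16',
    'page_title' => 'Second Hand PDF Book list',
    'keywords'   => 'books, pdf',
    'page_desc'  => 'Book list',
    'details'    => "<p>See the 'second hand PDF list' in the file named Events.</p>",
];

// 1) The page's pattern: values pasted into the SQL text. The first quote in
//    $details closes the string literal and the rest is parsed as SQL.
function save_concatenated(PDO $pdo, array $p): string {
    $sql = "UPDATE page_info SET page_content = '{$p['details']}'
            WHERE page_id = '{$p['page_id']}'";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text is fixed and the values travel separately,
//    so quotes in the content can neither break nor alter the query.
function save_prepared(PDO $pdo, array $p): int {
    $stmt = $pdo->prepare(
        "UPDATE page_info SET page_title = :title, page_keywords = :kw,
                page_desc = :descr, page_content = :content
         WHERE page_id = :id");
    $stmt->execute([
        ':title' => $p['page_title'], ':kw'      => $p['keywords'],
        ':descr' => $p['page_desc'],  ':content' => $p['details'],
        ':id'    => (int) $p['page_id'],
    ]);
    return $stmt->rowCount();
}

echo save_concatenated($pdo, $post), PHP_EOL;
echo save_prepared($pdo, $post), " row(s) updated", PHP_EOL;
echo $pdo->query("SELECT page_content FROM page_info WHERE page_id = 16")
         ->fetchColumn(), PHP_EOL;
```

The same unescaped interpolation that produces the syntax error is also what makes the page's `SELECT`, `UPDATE` and `INSERT` statements injectable, so binding parameters fixes both at once.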