Inserting large blocks of code into MySql

Time: 2018-03-13 04:28:46

Tags: php

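I am currently stuck trying to insert a specific type of user input into my MySQL database. I am creating a form that allows users to enter a title, requirements, a description and PowerShell script code into the database. I need to be able to display the new input.

I started by converting all of the $_POST data with htmlentities and then inserting it, and everything seemed to work perfectly. All of the short PowerShell scripts were inserted into the database and then displayed properly. However, when I try to insert a very long PowerShell script, it just leaves the table column empty.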

    // Create Insert SQL prepared statement
    $insertSql = $pdoConn->prepare('INSERT INTO scripts (ScriptID, script_name, script_requirements, script_description, script_code) VALUES (NULL, :scriptName, :scriptRequirements, :scriptDescription, :scriptCode)');

    // Create htmlentity variable
    $htmlName = htmlentities($_POST['scriptName']);
    $htmlReq = htmlentities($_POST['scriptRequirements']);
    $htmlDesc = htmlentities($_POST['scriptDescription']);
    $htmlCode = htmlentities($_POST['scriptCode']);

    // Execute Insert SQL prepared statement
    $insertSql->execute(array(
        'scriptName' => $htmlName,
        'scriptRequirements' => $htmlReq,
        'scriptDescription' => $htmlDesc,
        'scriptCode' => $htmlCode));

    // Display success message and page return
    echo "New script uploaded successfully.<br>";
    echo "<a href='newScript.html'>Upload another script</a><br><br>";

    // Create new query to display new data
    $displaySql = $pdoConn->prepare('SELECT * FROM scripts ORDER BY ScriptID DESC LIMIT 1');

    // Execute SELECT query and display results
    $displaySql->execute();
    foreach ($displaySql as $row) {
        echo "<button class='accordion'>
                <h3>".$row['script_name']."</h3>
              </button>
              <div class='panel'>
                <p class='requirements-p'>Requirements: ".$row['script_requirements']."</p>
                <p id='description-p'><span>Description: </span>".$row['script_description']."</p>
                <code>".$row['script_code']."</code>
              </div>";
    }

The form I use to upload the data looks like this:

    <article id="main-article">
        <h1>Add New Script</h1>
        <div id="form-envelope-div">
            <div id="envelope-inner-div">
                <form id="script-form" action="uploadNewScript.php" method="post" enctype="multipart/form-data">
                    <div id="script-div">
                        <label class="input_label">Title: </label>
                        <input class="text_input" id="title-input" type="text" placeholder="Title *" name="scriptName" required>

                        <label class="input_label">Requirements: </label>
                        <textarea class="textarea_input" id="requirements-textarea" placeholder="Requirements *" rows="10" cols="30" name="scriptRequirements" required></textarea>

                        <label class="input_label">Description: </label>
                        <textarea class="textarea_input" id="description-textarea" placeholder="Description *" rows="10" cols="30" name="scriptDescription" required></textarea>

                        <label class="input_label">Script: </label>
                        <textarea class="textarea_input" id="code-textarea" placeholder="Script *" rows="10" cols="30" name="scriptCode" required></textarea>
                    </div>
                    <div id="submit-div">
                        <input id="button-input" type="submit" name="submit_btn" value="Upload New Property">
                    </div>
                </form>
            </div>
        </div>
    </article>

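Here are two examples of user input. The first example script is short and is inserted into the database without any problems. Example 1:

  • Name: SSL CSR Requests
  • Requirements: PowerShell v3 and above.
  • Description: This uses PS to return all CSRs generated on the server along with their creation dates.
  • Code: Get-ChildItem Cert:\LocalMachine\REQUEST\ | Sort-Object -Property Subject | fl Subject, @{n='Creation Date';e={$_.'geteffectivedatestring'()}}

The second example script is much more complex, and it does not insert at all if I use htmlentities. If I skip htmlentities and insert directly from $_POST, it only inserts the beginning: $source = Also, when I insert the script directly into the database using phpMyAdmin, I have no problems at all. It even displays correctly in the HTML. Example 2 code input: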

    $source = “C:\inetpub\logs\LogFiles\”
    $destination = "E:\IISLogBackups_$(Get-Date -format M).zip"
    Add-Type -assembly "system.io.compression.filesystem"
    [io.compression.zipfile]::CreateFromDirectory($source, $destination)
    $logs = ls –Path  “C:\inetpub\logs\LogFiles\*” –Recurse | Where-Object{$_.LastWriteTime –lt (Get-Date).AddDays(-14)}
    $logs | Remove-Item

1 answer:

Answer 0 (score: 0)

After a lot of debugging, I finally figured out how to solve my problem. For whatever reason, the $_POST variable for the textarea field was having trouble reading the hyphens in the user input. Once the input reached the $_POST variable, it was too late to fix the problem using htmlentities or any equivalent PHP function. So I created a JavaScript function that automatically replaces all hyphens with their HTML entity before the user input is submitted. This is what the JavaScript looks like:

&#8221
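
An added example, not part of the original question or answer: server-side handling for this form that stores the script text unencoded through the prepared statement and HTML-escapes it only at output. It assumes the long script arrived as Windows-1252 bytes (curly quotes and en dashes pasted from a word processor); `toUtf8()` and `e()` are hypothetical helpers, and in-memory SQLite stands in for MySQL so the code runs offline.

```php
<?php
// Constructed sample: first line of the long script as it would arrive if the
// browser sent Windows-1252 bytes (0x93 / 0x94 are the curly double quotes).
$posted = "\$source = \x93C:\\inetpub\\logs\\LogFiles\\\x94";

// Hypothetical helper: return valid UTF-8, or fail loudly instead of storing garbage.
function toUtf8(string $input): string
{
    if (mb_check_encoding($input, 'UTF-8')) {
        return $input;
    }
    // Assumption: non-UTF-8 input from this form is Windows-1252.
    $converted = mb_convert_encoding($input, 'UTF-8', 'Windows-1252');
    if (!mb_check_encoding($converted, 'UTF-8')) {
        throw new InvalidArgumentException('Input is not valid text');
    }
    return $converted;
}

// Hypothetical helper: escape for an HTML text context, at output time only.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// With the pre-8.1 default flags, htmlentities() returns '' for invalid UTF-8,
// which is one way a whole column can end up empty.
var_dump(htmlentities($posted, ENT_COMPAT, 'UTF-8') === '');

$clean = toUtf8($posted);

// Store the raw text via a prepared statement; no entity encoding in the database.
// In-memory SQLite (needs pdo_sqlite) stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE scripts (ScriptID INTEGER PRIMARY KEY, script_name TEXT, script_code TEXT)');
$insert = $pdo->prepare('INSERT INTO scripts (script_name, script_code) VALUES (:scriptName, :scriptCode)');
$insert->execute(['scriptName' => '<b>IIS log backup</b>', 'scriptCode' => $clean]);

// Escape when rendering, so stored markup is shown as text rather than interpreted.
$row = $pdo->query('SELECT * FROM scripts ORDER BY ScriptID DESC LIMIT 1')->fetch(PDO::FETCH_ASSOC);
echo '<h3>' . e($row['script_name']) . '</h3>' . "\n";
echo '<code>' . e($row['script_code']) . '</code>' . "\n";
```

Against MySQL, also set `charset=utf8mb4` in the PDO DSN and serve the form page as UTF-8 so the browser, connection and column encodings agree.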