这是我的HTML代码,也有PHP代码。
我已经包含了我的两个文件,并且我已经尝试了大部分选项。我知道我的所有位置都是正确的,所以我隐藏了那些,除了代码中的所有内容。
<!DOCTYPE html>
<html>
<head>
<title> CK EDITOR </title>
<link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="fontawesome/fontawesome-free-5.0.6/web-fonts-with-css/css/fontawesome.min.css">
<script src="ckeditor/ckeditor/ckeditor.js" type="text/javascript" ></script>
</head>
<body>
<br>
<a class="btn btn-success" href="textareaNB.php"> Home </a>
<a class="btn btn-success" href="ListNB.php">Lists</a>
<br><br>
<form action="add.php" method="POST" enctype="multipart/form-data">
<textarea class="ckeditor" id="editor"></textarea>
<br>
<button type="submit" name="submit" class="btn btn-sucess">submit</button>
</form>
</body>
</html>
<?php
$path='lcoation';
include ($path);
include 'textareaNB.php';
session_start();
if($username == true){
}
else{
header("location: http://localhost/Project/signupnb.php");
exit();
}
$user=$_SESSION['user'];
if(isset($_POST['submit']))
{
$date=date("Y/M/D");
$entry=$_POST['editor'];
$conn2=mysqli_connect("localhost","root","") or die(mysql_error());
mysqli_Select_db($conn2,"editor") or die("connot connect to the database");
mysqli_query($conn2,"INSERT INTO `editornb` (`user_uid`, `content`, `date`) values ('".$user."','".$entry."','".$date."')");
print'<script> alert("Sucessfully Inserted!!!");</script>';
print'<script> windows.location.assign("http://localhost/Project/projectNB.php");</script>';
}
else{
header("location:http://localhost/Project/projectNB.php");
exit();
}
答案 0 :(得分:1)
你使用什么版本的PHP btw?如果您未使用PHP版本PHP 5.4.0+,请添加以下代码。这将反转从$ _变量中自动转义数据。
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
您的textarea没有名称,因此其内容不会传递到您的php文件。
更改:
<textarea class="ckeditor" id="editor"></textarea>
要
<textarea class="ckeditor" id="editor" name="editor"></textarea>
(防止sql注入)端口到Prepared语句:
<强>替换
mysqli_query($conn2,"INSERT INTO `editornb` (`user_uid`, `content`, `date`) values ('".$user."','".$entry."','".$date."')");
print'<script> alert("Sucessfully Inserted!!!");</script>';
print'<script> windows.location.assign("http://localhost/Project/projectNB.php");</script>';
。通过
$stmt = mysqli_prepare($conn2,"INSERT INTO `editornb` (`user_uid`, `content`, `date`) values (?, ?, ? );");
mysqli_stmt_bind_param($stmt, "iss", $user, $entry, $date);
$er = mysqli_stmt_execute($stmt);
if( $er == TRUE ) {
print'<script> alert("Sucessfully Inserted!!!");</script>';
print'<script> windows.location.assign("http://localhost/Project/projectNB.php");</script>';
}
答案 1 :(得分:0)
变化:
<textarea class="ckeditor" id="editor"></textarea>
为:
<textarea class="ckeditor" name="editor" id="editor"></textarea>