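Input in textarea won't update in mysql table

Time: 2011-04-20 06:47:04

Tags: php mysql forms row

I've created a form to update the banner information on my website. Everything seems to update except the input typed into the "textarea" (called "desc"). The code looks correct, and it's driving me crazy.

Thanks in advance.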

<html>
<body>



<form action="aupdate.php" method="POST" enctype="multipart/form-data">

    Your or your company's name:<br>
    <input type="text" name="com" size="60"><br>


    URL:<br>
    <input type="text" name="url" size="80"><br>


    Please enter the username that you will use to update your advertisement info:<br>
    <input type="text" name="user" size="80"><br>

    Please enter the password that you will use to update your advertisement info:<br>
    <input type="text" name="pass" size="80"><br>

   <br>
   <br>


<br>
    File:<br>
    <input type="file" name="image">

          advertisement description:<br>

 <textarea name="desc" id="desc" cols="35" rows="5" ></textarea>

      <input type="submit" value="update your ad!">


    </form>

<?php

//connect to database
require("connect.php");

//get user made username
$user = $_POST['user'];

//get user made password
$pass = $_POST['pass'];

//encrypt user made password
$encpass = hash('sha256', $pass);

//file properties
$file = $_FILES['image']['tmp_name'];

//initialize company name and description
$com = $_POST['com'];
$desc = $_POST['desc'];
$url = $_POST['url'];




//check to see if coupon code and other essential info entered
if (!$user || !$pass )
{
    echo "Please enter updated info with username and password.";
}
else
{

//retrieve data from password table
$query = mysql_query ("SELECT * FROM apartment WHERE pass = '$encpass' ");

//get number of rows in table
$numrows = mysql_num_rows ($query);

//check if code is right or exists
if ($numrows !=0)
{

    // code to login
    while ($row = mysql_fetch_assoc ($query))
    {
        //retrieve code from database to match with the code that was put into field
        $dbuser = $row['user'];
        $dbpass = $row['pass'];
    }

    //check to see if they match
    if ($user == $dbuser && $encpass == $dbpass )
    {


    //check to see if a file has even been submitted
    if (!$file)
    {

        echo "please upload image";
    }
    else
    {
        //get image file attributes
    $image = addslashes(file_get_contents ($_FILES['image']['tmp_name']));
    $image_name = addslashes($_FILES['image']['name']);
    $image_size = addslashes(getimagesize($_FILES['image']['tmp_name']));

    //check if image file size is right
    if ($image_size==FALSE)
        echo "that's not an image.";
    else
    {


mysql_query ("UPDATE apartment SET desc = '$desc' WHERE user ='$user'"); 
mysql_query ("UPDATE apartment SET name = '$image_name' WHERE user ='$user'"); 
mysql_query ("UPDATE apartment SET com = '$com' WHERE user ='$user'"); 
mysql_query ("UPDATE apartment SET url = '$url' WHERE user ='$user'"); 
mysql_query ("UPDATE apartment SET image = '$image' WHERE user ='$user'"); 


            echo "advertisement successfully updated!";



    }
  }


}
else


    echo "Incorrect username or password.";
}
else 



    echo "Incorrect username or password.";

}

?>
</body>
</html>

1 answer:

Answer 0: (score: 4)

desc is a MySQL reserved word; enclose it in backticks

and use mysql_real_escape_string to escape user input
    $desc=mysql_real_escape_string($desc);
    mysql_query ("UPDATE apartment SET `desc` = '$desc' WHERE user ='$user'"); 

You can also improve the update query by using commas to separate the fields in the update query

    mysql_query ("UPDATE apartment SET `desc` = '$desc',url='$url' WHERE user ='$user'");
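
An added example, not part of the original answer: it applies the answer's three points (backtick-quoted desc, safely handled input, one UPDATE for all fields) with PDO prepared statements in place of mysql_real_escape_string, and enables exceptions so the syntax error from an unquoted desc is reported instead of being dropped as in the question's unchecked mysql_query calls. The table and column names come from the question; the DSN, credentials, sample values and the updateAd() helper are assumptions.

```php
<?php
// Added example. Table and column names come from the question; the DSN,
// credentials, sample values and updateAd() are assumptions.

function updateAd(PDO $pdo, string $user, array $fields): int
{
    // Identifiers cannot be bound as parameters, so only these fixed
    // column names are ever placed into the SQL text.
    $allowed = ['desc', 'name', 'com', 'url', 'image'];
    $set = [];
    $params = [':user' => $user];
    foreach ($fields as $column => $value) {
        if (!in_array($column, $allowed, true)) {
            throw new InvalidArgumentException("Unknown column: $column");
        }
        // Backticks let a reserved word such as desc be used as a column name.
        $set[] = "`$column` = :$column";
        $params[":$column"] = $value;
    }
    if ($set === []) {
        return 0;
    }
    // One UPDATE with comma-separated assignments; values travel as bound parameters.
    $sql = 'UPDATE apartment SET ' . implode(', ', $set) . ' WHERE `user` = :user';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount(); // rows actually changed
}

$pdo = new PDO('mysql:host=localhost;dbname=ads;charset=utf8mb4', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,   // report failures instead of returning false
    PDO::ATTR_EMULATE_PREPARES => false,           // let the server parse the statement
]);

try {
    // Unquoted reserved word: the server rejects this with a syntax error.
    $pdo->prepare('UPDATE apartment SET desc = :d WHERE user = :u');
} catch (PDOException $e) {
    error_log('Rejected as expected: ' . $e->getMessage());
}

$changed = updateAd($pdo, 'alice', [
    'desc' => "Two-bedroom flat, it's near the park",  // constructed value with a quote
    'com'  => 'Example Co',
    'url'  => 'https://example.com/',
]);
echo "rows changed: $changed\n";
```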