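I have a problem with a simple script; it seems to occur only when INSERTING into the database.
I have a form that also uploads an image to the server and puts the uploaded file name into the database. It seems that if an apostrophe is used, or a UTF8-formatted quotation mark is thrown in, the data is not submitted.
I have tried using mysql_real_escape_string and addslashes, but it has the same effect, or nothing gets posted into the database at all.
Here is the form data (I have stripped out the HTML markup to save space in this post)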
<form method="post" action="inc/process-report.php" enctype="multipart/form-data">
<input name="Title" type="text" class="NormalTextBox" />
<input name="ShortTitle" type="text" class="NormalTextBox" maxlength="50" />
<select name="date_d" class="NoSetWidthSelectBox">
<option value='<? echo"$day"; ?>' selected><? echo"$day"; ?></option>
<option value='01'>01</option>
<option value='02'>02</option>
<option value='03'>03</option>
<option value='04'>04</option>
<option value='05'>05</option>
<option value='06'>06</option>
<option value='07'>07</option>
<option value='08'>08</option>
<option value='09'>09</option>
<option value='10'>10</option>
<option value='11'>11</option>
<option value='12'>12</option>
<option value='13'>13</option>
<option value='14'>14</option>
<option value='15'>15</option>
<option value='16'>16</option>
<option value='17'>17</option>
<option value='18'>18</option>
<option value='19'>19</option>
<option value='20'>20</option>
<option value='21'>21</option>
<option value='22'>22</option>
<option value='23'>23</option>
<option value='24'>24</option>
<option value='25'>25</option>
<option value='26'>26</option>
<option value='27'>27</option>
<option value='28'>28</option>
<option value='29'>29</option>
<option value='30'>30</option>
<option value='31'>31</option>
</select>
/
<select name="date_m" class="NoSetWidthSelectBox">
<option value='<? echo"$month"; ?>' selected><? echo"$month"; ?></option>
<option value='01'>01</option>
<option value='02'>02</option>
<option value='03'>03</option>
<option value='04'>04</option>
<option value='05'>05</option>
<option value='06'>06</option>
<option value='07'>07</option>
<option value='08'>08</option>
<option value='09'>09</option>
<option value='10'>10</option>
<option value='11'>11</option>
<option value='12'>12</option>
</select>
/
<select name="date_y" class="NoSetWidthSelectBox">
<option value='11' selected>2011</option>
<option value='12'>2012</option>
<option value='13'>2013</option>
<option value='14'>2014</option>
<option value='15'>2015</option>
<option value='16'>2016</option>
<option value='17'>2017</option>
<option value='18'>2018</option>
<option value='19'>2019</option>
<option value='20'>2020</option>
</select>
<select name="Category" class="NormalSelectBox">
<option selected="selected" value="">Please Select</option>
<?php $SQL = "SELECT * FROM " . $match_reports_cats_table . " WHERE active = 'y' ORDER BY name";
$result = @mysql_query($SQL) or die("Error Getting Catergories 1");
while($row = @mysql_fetch_array($result)) {
$ID = $row["ID"];
$name = $row["name"]; ?>
<option value="<?php echo stripslashes($row['name']); ?>"><?php echo stripslashes($row['name']); ?></option>
<? } ?>
</select>
<textarea name="Story" class="NormalTextArea"></textarea>
<input name="image" type="file" class="UploadTextBox">
<input type="hidden" name="size" value="2048">
<select name="FrontPage" class="NoSetWidthSelectBox">
<option selected='No' value='No'>No</option>
<option value='Yes'>Yes</option>
</select>
<input type="submit" name="btnSubmit" id="btnSubmit" value="Publish" class="publish_button" />
<input type="submit" name="btnSubmit" id="btnSubmit" value="Save draft" class="NormalButton" />
<input type="reset" value="Discard" class="NormalButton" />
Here is the processing script
if($_POST['btnSubmit'] == 'Save draft'){
//This gets all the other information from the form
$target = "../../../images/matchreports/uploaded/";
$target = $target . time() . '-' . basename( $_FILES['image']['name']);
if(move_uploaded_file($_FILES['image']['tmp_name'], $target)){
$Title=$_POST['Title'];
$ShortTitle=$_POST['ShortTitle'];
$Story=$_POST['Story'];
$Category=$_POST['Category'];
$FrontPage=$_POST['FrontPage'];
$image=time() . '-' . basename( $_FILES['image']['name']);
$newdate = $_POST['date_y'].''.$_POST['date_m'].''.$_POST['date_d'];
$user_ip=$_POST['user_ip'];
//Writes the information to the database
mysql_query("INSERT INTO " . $match_reports_table . " (Title,ShortTitle,Story,Category,FrontPage,active,image,date,user_ip)VALUES ('$Title', '$ShortTitle', '$Story', '$Category', '$FrontPage', 'n', '$image', '$newdate', '" . addslashes($_SERVER['REMOTE_ADDR']) . "')") ;
header("Location: /cms/matchreports/index.php?message=6");
exit;
} else {
//This gets all the other information from the form
$Title=$_POST['Title'];
$ShortTitle=$_POST['ShortTitle'];
$Story=$_POST['Story'];
$Category=$_POST['Category'];
$FrontPage=$_POST['FrontPage'];
$newdate = $_POST['date_y'].''.$_POST['date_m'].''.$_POST['date_d'];
$user_ip=$_POST['user_ip'];
//Writes the information to the database
mysql_query("INSERT INTO " . $match_reports_table . " (Title,ShortTitle,Story,Category,FrontPage,active,date,user_ip)VALUES ('$Title', '$ShortTitle', '$Story', '$Category', '$FrontPage', 'n', '$newdate', '" . addslashes($_SERVER['REMOTE_ADDR']) . "')") ;
header("Location: /cms/matchreports/index.php?message=7");
exit;}}
EDITED - Is this any better?
$target = "../../../images/matchreports/uploaded/";
$target = $target . time() . '-' . basename( $_FILES['image']['name']);
if(move_uploaded_file($_FILES['image']['tmp_name'], $target)){
$image=time() . '-' . basename( $_FILES['image']['name']);
$newdate = $_POST['date_y'].''.$_POST['date_m'].''.$_POST['date_d'];
$SQL = "INSERT INTO " . $match_reports_table . " (Title,ShortTitle,Story,FrontPage,active,image,date,user_ip) VALUES('" . addslashes($_REQUEST['Title']) . "','" . addslashes($_REQUEST['ShortTitle']) . "','" . addslashes($_REQUEST['Story']) . "','" . addslashes($_REQUEST['FrontPage']) . "','" . addslashes('y') . "','$image','$newdate','" . addslashes($_SERVER['REMOTE_ADDR']) . "')";
$result = @mysql_query($SQL) or die("Error Publishing 1");
Answer 0 (score: 1)
Edit:
Change this:
mysql_query("INSERT INTO " . $match_reports_table . " (Title,ShortTitle,Story,Category,FrontPage,active,image,date,user_ip)VALUES ('$Title', '$ShortTitle', '$Story', '$Category', '$FrontPage', 'n', '$image', '$newdate', '" . addslashes($_SERVER['REMOTE_ADDR']) . "')") ;
to this:
$sql="INSERT INTO " . $match_reports_table . " (Title,ShortTitle,Story,Category,FrontPage,active,image,date,user_ip)VALUES ('$Title', '$ShortTitle', '$Story', '$Category', '$FrontPage', 'n', '$image', '$newdate', '" . addslashes($_SERVER['REMOTE_ADDR']) . "')";
mysql_query($sql) ;
echo $sql;
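
The failure described in the question (an apostrophe or a typographic quote in a field or in the uploaded file name breaking the INSERT) does not occur when values are sent as bound parameters instead of being concatenated into the SQL string. The following is an added example, not code from the question or the answer; it uses PDO with an in-memory SQLite database as a stand-in so that it runs offline, and the `saveReport` function, the `match_reports` table name and all sample values are assumptions.

```php
<?php
// Added example: bound parameters instead of quoted string interpolation.
// Column names follow the question; SQLite in memory is a stand-in for MySQL.
// On MySQL, a DSN with charset=utf8mb4 keeps UTF-8 quotes intact (hypothetical DSN).
function saveReport(PDO $db, string $table, array $post, ?string $image, string $ip): int
{
    // Identifiers cannot be bound, so the table name is checked against a fixed list.
    if (!in_array($table, ['match_reports'], true)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    $stmt = $db->prepare(
        "INSERT INTO $table
            (Title, ShortTitle, Story, Category, FrontPage, active, image, date, user_ip)
         VALUES (:title, :short, :story, :category, :front, 'n', :image, :date, :ip)"
    );
    $stmt->execute([
        ':title'    => $post['Title'],
        ':short'    => $post['ShortTitle'],
        ':story'    => $post['Story'],
        ':category' => $post['Category'],
        ':front'    => $post['FrontPage'],
        ':image'    => $image,
        ':date'     => $post['date_y'] . $post['date_m'] . $post['date_d'],
        ':ip'       => $ip,
    ]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // a failed INSERT throws
$db->exec('CREATE TABLE match_reports (ID INTEGER PRIMARY KEY, Title TEXT, ShortTitle TEXT,
    Story TEXT, Category TEXT, FrontPage TEXT, active TEXT, image TEXT, date TEXT, user_ip TEXT)');

// Constructed sample input: an apostrophe, UTF-8 curly quotes, and a quoted file name.
$post = ['Title' => "Keeper's late save", 'ShortTitle' => "Keeper's save",
         'Story' => "The manager said \u{201C}we didn\u{2019}t deserve it\u{201D}.",
         'Category' => 'League', 'FrontPage' => 'No',
         'date_y' => '11', 'date_m' => '03', 'date_d' => '07'];
$id = saveReport($db, 'match_reports', $post, "1300000000-o'neill.jpg", '192.0.2.10');

$check = $db->prepare('SELECT Title, Story, image FROM match_reports WHERE ID = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
var_dump($row['Title'] === $post['Title'], $row['Story'] === $post['Story'], $row['image']);
```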