这是我用于插入数据的代码:
$connect = mysql_connect("host","username","password") or die("couldn't Connect!");
mysql_select_db("table") or die("couldn't find db");
if(isset($_POST['user'])){
mysql_query("INSERT INTO vids (name, gname, glink, ylink, category, user)
VALUES ('".$_POST['name']."', '".$_POST['gname']."', '".$_POST['glink']."', '".$_POST['ylink']."', '".$_POST['category']."', '".$_POST['user']."' )");
}
这是表格:
<form method='post' action=''>
<table border='0'>
<tr><td><b><center>Upload your vid!</center></b>
<tr><td><b> video name:</b></td><td><input name='name' type='text' ></input></td></tr>
<tr><td><b> youtube video code:</b></td><td><input name='ylink' type='text' value='' ></input><a href='help.php'><img src='help.png' /></a></td></tr>
<tr><td><b> game name:</b></td><td><input name='gname' type='text' ></input></td></tr>
<tr><td><b> game link:</b></td><td><input name='glink' type='text' value='http://' ></input></td></tr>
<tr><td><b> Category:</b></td><td><select name='category'>
<option>shooter</option>
<option>adventure</option>
<option>arcade</option>
<option>racing</option>
<option>puzzle</option>
<option>strategy</option>
<option>sports</option></select></td></tr>
<tr><td>Submitting under:</td><td><input type='hidden' name='user' value="<?php echo "" . $_SESSION['username'] . "" ?>"><?php echo "" . $_SESSION['username'] . "" ?></td></tr>
<tr><td><input type='hidden' name='reviewed' value='no'></td></tr>
<tr><td><input type='submit' value='Submit' title='Submit content!'></td></tr>
</table>
我想这样做,以便某些字符,即“&lt;”,“&gt;”,“/”以及与javascript和其他编码语言相关的其他字符不会插入到我的MySQL表中。
任何帮助都会很棒,我现在想解决这个问题,因为黑客有时会提交重定向到不同网站的javascript重定向。
由于