我有一个论坛的脚本。默认情况下,用户只有在打开网站以确定父级时才能发帖。例如domain.com/new.php?parent=3
在这里,我尝试使用下拉列表进行修改。例如:选项 1(值 1)选项 2(值 2)选项 3(值 3)
我按照$title=$_POST['title'];的例子添加$parent=$_POST['parent'];但总是失败。
有解决办法吗?
法典:
<?php
//This page let users create new topics
include('config.php');
if(isset($_GET['parent']))
{
$id = intval($_GET['parent']);
if(isset($_SESSION['username']))
{
$dn1 = mysql_fetch_array(mysql_query('select count(c.id) as nb1, c.name from categories as c where c.id="'.$id.'"'));
if($dn1['nb1']>0)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New Topic - <?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?> - Forum</title>
<script type="text/javascript" src="functions.js"></script>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Forum" /></a>
</div>
<div class="content">
<?php
$nb_new_pm = mysql_fetch_array(mysql_query('select count(*) as nb_new_pm from pm where ((user1="'.$_SESSION['userid'].'" and user1read="no") or (user2="'.$_SESSION['userid'].'" and user2read="no")) and id2="1"'));
$nb_new_pm = $nb_new_pm['nb_new_pm'];
?>
<div class="box">
<div class="box_left">
<a href="<?php echo $url_home; ?>">Forum Index</a> > <a href="list_topics.php?parent=<?php echo $id; ?>"><?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?></a> > New Topic
</div>
<div class="box_right">
<a href="list_pm.php">Your messages(<?php echo $nb_new_pm; ?>)</a> - <a href="profile.php?id=<?php echo $_SESSION['userid']; ?>"><?php echo htmlentities($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?></a> (<a href="login.php">Logout</a>)
</div>
<div class="clean"></div>
</div>
<?php
if(isset($_POST['message'], $_POST['title']) and $_POST['message']!='' and $_POST['title']!='')
{
include('bbcode_function.php');
$title = $_POST['title'];
$message = $_POST['message'];
if(get_magic_quotes_gpc())
{
$title = stripslashes($title);
$message = stripslashes($message);
}
$title = mysql_real_escape_string($title);
$message = mysql_real_escape_string(bbcode_to_html($message));
if(mysql_query('insert into topics (parent, id, id2, title, message, authorid, timestamp, timestamp2) select "'.$id.'", ifnull(max(id), 0)+1, "1", "'.$title.'", "'.$message.'", "'.$_SESSION['userid'].'", "'.time().'", "'.time().'" from topics'))
{
?>
<div class="message">The topic have successfully been created.<br />
<a href="list_topics.php?parent=<?php echo $id; ?>">Go to the forum</a></div>
<?php
}
else
{
echo 'An error occurred while creating the topic.';
}
}
else
{
?>
<form action="new_topic.php?parent=<?php echo $id; ?>" method="post">
<label for="title">Title</label><input type="text" name="title" id="title" /><br />
<label for="message">Message</label><br />
<div class="message_buttons">
<input type="button" value="Bold" onclick="javascript:insert('[b]', '[/b]', 'message');" /><!--
--><input type="button" value="Italic" onclick="javascript:insert('[i]', '[/i]', 'message');" /><!--
--><input type="button" value="Underlined" onclick="javascript:insert('[u]', '[/u]', 'message');" /><!--
--><input type="button" value="Image" onclick="javascript:insert('[img]', '[/img]', 'message');" /><!--
--><input type="button" value="Link" onclick="javascript:insert('[url]', '[/url]', 'message');" /><!--
--><input type="button" value="Left" onclick="javascript:insert('[left]', '[/left]', 'message');" /><!--
--><input type="button" value="Center" onclick="javascript:insert('[center]', '[/center]', 'message');" /><!--
--><input type="button" value="Right" onclick="javascript:insert('[right]', '[/right]', 'message');" />
</div>
<textarea name="message" id="message" cols="70" rows="6"></textarea><br />
<input type="submit" value="Send" />
</form>
<?php
}
?>
</div>
<div class="foot"><a href="http://www.webestools.com/scripts_tutorials-code-source-26-simple-php-forum-script-php-forum-easy-simple-script-code-download-free-php-forum-mysql.html">Simple PHP Forum Script</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
<?php
}
else
{
echo '<h2>The category you want to add a topic doesn''t exist.</h2>';
}
}
else
{
?>
<h2>You must be logged to access this page.</h2>
<div class="box_login">
<form action="login.php" method="post">
<label for="username">Username</label><input type="text" name="username" id="username" /><br />
<label for="password">Password</label><input type="password" name="password" id="password" /><br />
<label for="memorize">Remember</label><input type="checkbox" name="memorize" id="memorize" value="yes" />
<div class="center">
<input type="submit" value="Login" /> <input type="button" onclick="javascript:document.location='signup.php';" value="Sign Up" />
</div>
</form>
</div>
<?php
}
}
else
{
echo '<h2>The ID of the category you want to add a topic is not defined.</h2>';
}
?>
中没有名称为 parent 的 input 元素形式,因此不会设置$_POST['parent']。提交后通过转储$_POST验证:var_dump($_POST) .
您可以重用保存$_GET['parent']值的 $id 变量。
正如评论中提到的:
确保在陈述 SQL 查询之前清理所有输入值,以防止 SQL 注入攻击!