我正在尝试将记录发布到数据库中,几天前修改网站后,相同的脚本工作正常,但它无法正常工作。
当我尝试回显内容时,我得到一切正常。 即使我尝试插入没有文本区域内容的记录,那么只有当我尝试插入带有内容(我的意思是 $post_content )的记录时,它才能完美运行,然后我在查询中遇到错误。
如果我使用mysql_real_escape_string() ,我插入了记录但没有文本区域内容,它是空白的,我使用 nl2br() 转义换行符,但目前没有任何工作完全沮丧,并且相同的代码在我的本地计算机服务器上运行良好找不到真正的问题所在。
我认为文本编辑器导致了问题,我现在正在使用niceEdit,我也尝试使用tinyMce但从未起作用。谁能帮我?
<!DOCTYPE html>
<html>
<head>
<title> Insert New Post</title>
<script src="http://js.nicedit.com/nicEdit-latest.js" type="text/javascript"></script>
<script type="text/javascript">bkLib.onDomLoaded(nicEditors.allTextAreas);</script>
<style>
input[type="text"]{
width:90%;
height: 30px;
}
select{
height: 30px;
}
table{
width:100%;
}
label{
font-weight:300;font-size:1.5em;text-align: right;
}
textarea{
width: 90%;
}
</style>
</style>
</head>
<!-- BEGIN BODY -->
<body>
<?php include('config.php'); ?>
<?php
ob_start();
if($_SERVER["REQUEST_METHOD"] == "POST"){
$post_title=$_POST['post_title'];
$post_author=$_POST['post_author'];
//$post_date=date("l jS 'of F Y h:i:s A");
//$post_date=date("l jS 'of F Y");
$post_catagory=$_POST['post_catagory'];
$post_image=$_FILES['post_image']['name'];
$post_image_tmp=$_FILES['post_image']['tmp_name'];
$post_keyword=$_POST['post_keyword'];
$post_page=$_POST['post_page'];
$post_content=mysql_real_escape_string($_POST['post_content']);
// $post_content= nl2br($post_content);
if($post_author==''){
echo "<script>alert('You must fill all blank fields'); window.location('insert_post.php');</script>";
exit();
}
else{
move_uploaded_file($post_image_tmp,"../../images/$post_image");
$sql="insert into post (page_id,post_title,post_author,post_image,post_keywords,post_catagory,post_content) values ('$post_page','$post_title','$post_author','$post_image','$post_keyword','$post_catagory','$post_content')";
$result=mysqli_query($bd,$sql) or die("Error occured:in query".mysql_error());
if(!$result){
echo"<h2 style='"color:red;position:absolute;top:0;left:400px;'">Your post wasnt posted something is worng</h2>";
exit();
}else{
echo"<h2><script>alert('Your Post has been published successfully!')</script>";
echo"<script>window.open('insert_post.php','_self')</script>";
}
}
}
?>
<!-- MAIN WRAPPER -->
<div id="wrap" >
<?php
//echo $post_author;
// echo $post_title;
// echo $post_page;
// echo $post_keyword;
// echo $post_content;
// echo $post_image;
?>
<!-- MENU SECTION -->
<!--END MENU SECTION -->
<!--PAGE CONTENT -->
<?php //include('include/content.php'); ?>
<div class="row">
<div class="col-lg-12">
<div id="post_form">
<table>
<form action="" method="post" enctype="multipart/form-data" id="post_form">
<tr>
<td><label>Post Title</label></td>
<td><input class="form-control" type="text" name="post_title"></td>
</tr>
<tr>
<td><label>Post Author</label></td>
<td><input class="form-control" type="text" name="post_author"></td>
</tr>
<tr>
<td> <label>Post Catagory</label></td>
<td><select class="form-control" name="post_catagory">
<?php
$sql="select * from catagory";
$result=mysqli_query($bd,$sql) or die("Error:".mysql_error());
while($row=mysqli_fetch_array($result)){
?>
<option value="<?php echo $row['name'] ?>"><?php echo $row['name'];?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td><label>Post keywords</label></td>
<td><input type="text" name="post_keyword" placeholder="Enter text"></td>
</tr>
<tr>
<td><label>Post Image</label></td>
<td><input type="file" name="post_image"/></td>
</tr>
<tr>
<td><label>Select Page</label></td>
<td><select class="form-control" name="post_page">
<?php
$sql="select * from menu";
$result=mysqli_query($bd,$sql) or die("error".mysql_error());
while($row=mysqli_fetch_array($result)){
?>
<option value="<?php echo $row['id'];?>"><?php echo $row['name'];?></option>
<?php
}
?>
</select></td>
</tr>
<tr>
<td><label>Post Contents</label></td>
<td><textarea id="area1" name="post_content" rows="10"></textarea></td>
</tr>
<tr>
<td>Action Key</td>
<td><button type="submit" class="btn btn-default" name="submit" onclick="nicEditors.findEditor('area1').saveContent();">Publish Now</button><button type="reset" class="btn btn-default">Reset Button</button></td>
<td></td>
</tr>
</form>
</table>
</div>
</div>
</div>
<!--END PAGE CONTENT -->
<!-- RIGHT STRIP SECTION -->
<?php //include('include/right.php'); ?>
<!-- END RIGHT STRIP SECTION -->
</div>
</body>
</html>
<!--END MAIN WRAPPER -->
<!-- FOOTER -->
你混淆了mysql和mysqli.当你调用mysqli_query时,你也必须用mysqli_函数来阻止数据。
$post_content = mysqli_real_escape_string(nl2br($_POST['post_content']));
// ^
您应该将mysql_real_escape_string用于数据库的所有字符串输入,其中包括,而不仅仅是content。
只需使用 mysql_real_escape_string() 即可插入所有值。
使用 mysqli_real_escape_string()
字符串mysqli_real_escape_string ( mysqli $link , string $escapestr )
您必须添加连接链接作为 mysqli_real_escape_string() 的第一个参数
$post_content = mysqli_real_escape_string($bd, nl2br($_POST['post_content']));
再
mysqli_query($bd,$sql) or die("Error occured:in query".mysql_error());
^
而不是
mysql_error()
用
mysqli_error($bd)