我现在正在做一些涉及用户放置状态的东西,但是每当用户用撇号或双引号放置状态时,他们都会出错。
谁能帮忙?谢谢!p.s "你的帖子没有太多上下文来解释代码部分;请更清楚地解释您的情况。
我的帖子.php
<?php
require('database/connect.php');
$result = mysql_query("SELECT * FROM posts ORDER BY date DESC");
while($row = mysql_fetch_array($result)) {
$email = $row['email'];
// To find username
$username = mysql_query("SELECT name FROM users WHERE email = '$email'");
$name = mysql_fetch_assoc($username);
// To make the date look prettier
$id = $row['id'];
$date_get = mysql_query("SELECT date FROM posts WHERE id='$id'");
$time = mysql_fetch_assoc($date_get);
$mysqldate = $time['date'];
$phpdate = strtotime( $mysqldate );
$DayMonthDay = date('l, F j', $phpdate);
$HourMinutePMAM = date('g:ia', $phpdate);
$date = $DayMonthDay." at ".$HourMinutePMAM;
echo "<div class='home-echoed-posts'>";
echo "<a href='#' class='home-echoed-posts-name'>".$name['name']."</a> ";
echo "<div class='home-echoed-posts-post'>".nl2br(stripslashes($row['post']))."</div>";
echo "<div class='home-echoed-posts-date'>".$date."</div>";
echo "</div>";
}
?>
和发布.php:
<?php
session_start();
require('database/connect.php');
if(empty($_POST['post'])){
header('Location: home.php');
}
$post = $_POST['post'];
$useremail = $_SESSION['email'];
$result = mysql_query("INSERT INTO posts (post, email) VALUE ('$post', '$useremail')");
if($result==1) {
header('Location: home.php');
}else{
die('We have experienced some technical problems, please try again');
}
?>
也许您需要转义用户的输入?
在PHP中,有addslashes ($user_status)
参考资料是:http://php.net/manual/en/function.addslashes.php
如果您使用的是 DBMS,请确保在将状态保存到数据库之前使用 DBMS 特定的转义:
- mysql_real_escape_string() for MySQL
- pg_escape_string() for PostgreSQL