所以我已经调试了 30 多分钟,但我仍然无法弄清楚我做错了什么。我刚刚开始使用MySQLi,这是我不断搞砸的事情之一。我认为这可能与我以前只用过一次preg_replace有关,所以我仍然不太擅长它。
<?php
ob_start();
session_start();
include("../include/config.php");
include("../include/functions.php");
if (isset($_SESSION['pv1_session']) && $_SESSION['pv1_session'] == true) {
if (isset($_POST['submit'])) {
$uid = idinfo($_SESSION['pv1_user_id'],"idu");
$id = mysqli_real_escape_string($mysql, $_POST['fid']);
$post_name = mysqli_real_escape_string($mysql, $_POST['name']);
$post_tags = mysqli_real_escape_string($mysql, $_POST['tags']);
$name = preg_replace("/[^'w a-zA-Zа-яА-Я0-9._-]/u", "_", $post_name);
$tags = preg_replace("/[^'w a-zA-Zа-яА-Я0-9._-]/u", "_", $post_tags);
$file = preg_replace("/[^'wa-zA-Zа-яА-Я0-9._-]/u", "_", $post_name);
$update = mysqli_query($mysql,"UPDATE files SET name='$name', filename='$file', tags='$tags' WHERE user_id='$uid' AND filehash='$id'");
if (!$update) {
echo "<p>Unable to update file.</p>";
exit;
} else {
echo "<p>Success: Your uploaded file has been updated!</p>";
$pro_url = $web['url'].'/account/manage_uploads.php';
header("Location: $pro_url");
}
}
} else {
echo "ERROR: Please log in first!";
}
?>
使用"预准备语句"(http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)
这为您提供了两个优势:
- 它为您处理转义(并且也做对了:您在preg_replace之前进行了转义,这可能会出错)
- 它还为您提供了非常简单的调试。你把参数放到一个数组中,你可以简单地回显(
print_r)参数数组,看看你的preg_replace做了什么。