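The code I'm showing seems to stop working at $tid = mss.
That's why I think the function called mss at the start isn't working.
When the script runs on my website, it acts like nothing happened and goes back to the topic you were viewing. Sorry, I don't know what is happening, so I don't have much to say. If you have any questions, please comment on this.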
Reply.php
<?php
require('connect.php');

// Sanitising helper used for every request value below
function mss($value) {
    return mysqli_real_escape_string(trim(strip_tags($connect, $value)));
}

if(!$_POST['submit']) {
    echo "Invalid usage of the file! Hmm, maybe you should try sql injection.";
} else {
    $tid = mss ($_GET['id']);
    $msg = mss ($_POST['reply']);
    if(!$tid) {
        echo "Hmm, I dont know how that you would reply to no topic but still expect it to work.";
    } else {
        // Check that the topic exists before accepting a reply
        $sql = "SELECT * FROM forum_topics WHERE id='".$tid."'";
        $res = mysqli_query($connect, $sql) or die (mysqli_error($connect));
        if(mysqli_num_rows($res) == 0) {
            echo "Wat r u doin m7, you tryin to rply to a topic that doesn't exist.";
        } else {
            $row = mysqli_fetch_assoc($res);
            if(!$msg) {
                echo "You did not give a reply.";
            } else {
                if(strlen($msg) < 5 || strlen($msg) > 10000) {
                    echo "<font color='red'>Your reply must be between 5 and 10000 characters!</font>";
                } else {
                    $date = date("m-d-y") . " at " . date("h:i:s");
                    $time = time();
                    $sql3 = "INSERT INTO forum_replies (id, tid, uid, message, date, time) VALUES (default, '".$tid."','".$_SESSION['uid']."', '".$msg."', '".$date."', '".$time."')";
                    $res3 = mysqli_query($connect, $sql3) or die (mysqli_error($connect));
                    // Send the user back to the topic they replied to
                    header("Location: topics.php?id=" . $tid);
                }
            }
        }
    }
}
?>
Edit: updated the code
Connect.php
<?php
$host="localhost";//hostname
$username="********";//username
$password="********";//database password
$db_name="forum";//database name
$connect = mysqli_connect($host, $username, $password, $db_name) or die ("<font color='red'>Unable to connect to MySQL! Contact an admin.</font>");
?>
mysqli_real_escape_string() requires the mysqli connection to be passed as its first argument. Example usage is mysqli_real_escape_string($db_link, $value), where the $db_link variable is probably set in the connect.php file by a call to mysqli_connect().
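The argument order described in this answer, as an added example that is not part of the original answer or the asker's code. It goes one step beyond the answer by also showing the reply insert with bound parameters. It assumes connect.php sets `$connect` as in the question, that `$_SESSION['uid']` holds an integer user id, and that `id` in `forum_replies` fills in by default; `add_reply()` is a hypothetical helper name.

```php
<?php
// Added example. Assumes connect.php from the question sets $connect.
require 'connect.php';
session_start();

// Direct fix: the link is the first argument. It is passed in as a parameter
// because a global $connect is not visible inside a function body.
function mss(mysqli $link, string $value): string
{
    return mysqli_real_escape_string($link, trim(strip_tags($value)));
}

// Hypothetical helper: the same insert with bound parameters, so the values
// never become part of the SQL text and no escaping helper is needed.
function add_reply(mysqli $link, int $tid, int $uid, string $msg): bool
{
    $check = mysqli_prepare($link, "SELECT id FROM forum_topics WHERE id = ?");
    mysqli_stmt_bind_param($check, "i", $tid);
    mysqli_stmt_execute($check);
    mysqli_stmt_store_result($check);
    if (mysqli_stmt_num_rows($check) === 0) {
        return false; // topic does not exist
    }
    $date = date("m-d-y") . " at " . date("h:i:s");
    $time = time();
    $ins = mysqli_prepare(
        $link,
        "INSERT INTO forum_replies (tid, uid, message, date, time) VALUES (?, ?, ?, ?, ?)"
    );
    mysqli_stmt_bind_param($ins, "iissi", $tid, $uid, $msg, $date, $time);
    return mysqli_stmt_execute($ins);
}

// Validate the request before touching the database.
$tid = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$msg = trim(strip_tags($_POST['reply'] ?? ''));
$len = strlen($msg);
if (!$tid || !isset($_SESSION['uid']) || $len < 5 || $len > 10000) {
    http_response_code(400);
    exit("Invalid reply.");
}
if (add_reply($connect, $tid, (int) $_SESSION['uid'], $msg)) {
    header("Location: topics.php?id=" . $tid);
    exit;
}
echo "Reply could not be saved.";
```

With bound parameters the corrected `mss()` is only needed for any query that is still built by string concatenation.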