-2

它应该允许您向数据库添加个人链接,并且服务器正在运行带有 MySQL 和 Active Directory 的 Windows Server 2008 R2。

<?php 
$dbl = mysql_connect('localhost', 'USERNAME', 'PASSWORD') or die('failed to connect to mysql'); 
mysql_select_db('linksdatabase') or die('failed to select database'); 

if(isset($_POST['linkaddress']) && isset($_POST['linkname'])) 
$sql = "INSERT INTO userlinks (username, linkaddress, linkname) VALUES ('%s','%s','%s')";
mysql_query ( sprintf ( $sql, mysql_real_escape_string ( $_SERVER ['AUTH_USER'] ), mysql_real_escape_string ( $_POST ['linkaddress'] ), mysql_real_escape_string ( $_POST ['linkname'] ) ) );

echo '<p>Links:</p><ul>'; 

$result = mysql_query ( sprintf ( "SELECT linkaddress, linkname FROM userlinks WHERE username = '%s'", mysql_real_escape_string ( $_SERVER ['AUTH_USER'] ) ) );

while($row = mysql_fetch_array($result)) 
    echo '<li><a href="', htmlentities($row['linkaddress']), '">', htmlentities($row['linkname']), '</a></li>'; 

echo '</ul>'; 
?> 

<form action="" method="post"> 
 <fieldset> 
  <legend>Add a Link</legend> 
  Address: <input type="text" name="linkaddress" /><br /> 
  Name: <input type="text" name="linkname" /><br /> 
  <input type="submit" value="Add" /> 
 </fieldset> 
</form>
4

3 回答 3

1

您遇到一些单引号'问题

代替

   mysql_query('INSERT INTO userlinks (username, linkaddress, linkname) VALUES (\'' . mysql_real_escape_string($_SERVER['AUTH_USER']) . '\', \'' . mysql_real_escape_string($_POST['linkaddress']) . '\', \'' . mysql_real_escape_string($_POST['linkname']) . '\''); 


$sql = "INSERT INTO userlinks (username, linkaddress, linkname) VALUES ('%s','%s','%s')";
mysql_query ( sprintf ( $sql, mysql_real_escape_string ( $_SERVER ['AUTH_USER'] ), mysql_real_escape_string ( $_POST ['linkaddress'] ), mysql_real_escape_string ( $_POST ['linkname'] ) ) );

代替

$result = mysql_query('SELECT linkaddress, linkname FROM userlinks WHERE username = \'' . mysql_real_escape_string($_SERVER['AUTH_USER']) . '\'');


$result = mysql_query ( sprintf ( "SELECT linkaddress, linkname FROM userlinks WHERE username = '%s'", mysql_real_escape_string ( $_SERVER ['AUTH_USER'] ) ) );

此代码可能会帮助您找到错误

error_reporting(E_ALL);
ini_set('display_errors','On');

$dbl = mysql_connect ( 'localhost', 'USERNAME', 'PASSWORD' ) or die ( 'failed to connect to mysql' );
mysql_select_db ( 'linksdatabase' ) or die ( 'failed to select database' );

if (count ( $_POST ) < 1) {
    var_dump ( "Nothign was posted" );
} else {
    var_dump ( $_POST );
}

if (isset ( $_POST ['linkaddress'] ) && isset ( $_POST ['linkname'] )) {
    $sql = "INSERT INTO userlinks (username, linkaddress, linkname) VALUES ('%s','%s','%s')";
    mysql_query ( sprintf ( $sql, mysql_real_escape_string ( $_SERVER ['AUTH_USER'] ), mysql_real_escape_string ( $_POST ['linkaddress'] ), mysql_real_escape_string ( $_POST ['linkname'] ) ) );

    if (mysql_errno ()) {
        var_dump ( "MySQL error " . mysql_errno () . ": " . mysql_error () );
    } else {
        var_dump ( "OK Insert" );
    }

}

echo '<p>Links:</p><ul>';

$result = mysql_query ( sprintf ( "SELECT linkaddress, linkname FROM userlinks WHERE username = '%s'", mysql_real_escape_string ( $_SERVER ['AUTH_USER'] ) ) );

if (mysql_errno ()) {
    var_dump ( "MySQL error " . mysql_errno () . ": " . mysql_error () );
} else {
    var_dump ( "OK Select" );
}

while ( $row = mysql_fetch_array ( $result ) )
    echo '<li><a href="', htmlentities ( $row ['linkaddress'] ), '">', htmlentities ( $row ['linkname'] ), '</a></li>';
echo '</ul>';
于 2012-04-08T12:27:02.593 回答
0

)您在查询末尾缺少一个右括号。

mysql_query('INSERT INTO userlinks (username, linkaddress, linkname) VALUES (\'' . mysql_real_escape_string($_SERVER['AUTH_USER']) . '\', \'' . mysql_real_escape_string($_POST['linkaddress']) . '\', \'' . mysql_real_escape_string($_POST['linkname']) . '\')');
于 2012-04-08T12:32:53.910 回答
0

不是一个完整的答案,但在开发时尝试换行 - 让您的生活更轻松(在 IDE 中)和我们的生活(在此处粘贴代码时):

$sql = "
    INSERT INTO userlinks
    (username, linkaddress, linkname)
    VALUES ('%s','%s','%s')
";
mysql_query(
    sprintf(
        $sql,
        mysql_real_escape_string( $_SERVER ['AUTH_USER'] ),
        mysql_real_escape_string( $_POST ['linkaddress'] ),
        mysql_real_escape_string( $_POST ['linkname'] )
    )
);

这使得无需水平滚动即可轻松阅读所有内容,并且也使检查括号匹配变得简单。

于 2012-04-08T13:39:55.053 回答