-2

我现在正在制作一些涉及用户放置状态的东西,但是每当用户使用撇号或双引号放置状态时,他们都会出错。

任何人都可以帮忙吗?谢谢!ps“你的帖子没有太多的上下文来解释代码部分;请更清楚地解释你的场景。”

我的 get-posts.php

<?php

require('database/connect.php');

$result = mysql_query("SELECT * FROM posts ORDER BY date DESC");

while($row = mysql_fetch_array($result)) {

$email = $row['email'];

// To find username

$username = mysql_query("SELECT name FROM users WHERE email = '$email'");

$name = mysql_fetch_assoc($username);

// To make the date look prettier

$id = $row['id'];

$date_get = mysql_query("SELECT date FROM posts WHERE id='$id'");

$time = mysql_fetch_assoc($date_get);

$mysqldate = $time['date'];

$phpdate = strtotime( $mysqldate );

$DayMonthDay = date('l, F j', $phpdate);

$HourMinutePMAM = date('g:ia', $phpdate);

$date = $DayMonthDay." at ".$HourMinutePMAM;

echo "<div class='home-echoed-posts'>";

echo "<a href='#' class='home-echoed-posts-name'>".$name['name']."</a> ";

echo "<div class='home-echoed-posts-post'>".nl2br(stripslashes($row['post']))."</div>";

echo "<div class='home-echoed-posts-date'>".$date."</div>";

echo "</div>";

} 



?>

和 post.php:

<?php
session_start();
require('database/connect.php');

if(empty($_POST['post'])){
    header('Location: home.php');
    }

$post = $_POST['post'];

$useremail =  $_SESSION['email'];

$result = mysql_query("INSERT INTO posts (post, email) VALUE ('$post', '$useremail')");

if($result==1) {
    header('Location: home.php');
    }else{
    die('We have experienced some technical problems, please try again');
    }
?>
4

1 回答 1

1

也许您需要逃避用户的输入?

在 PHP 中有addslashes ($user_status)

参考是: http: //php.net/manual/en/function.addslashes.php

如果您使用的是 DBMS,请务必在将状态保存到数据库之前使用 DBMS 特定的转义:

  • mysql_real_escape_string() 用于 MySQL
  • pg_escape_string() 用于 PostgreSQL
于 2012-06-14T05:08:04.903 回答