1

正如标题中提到的,当我在我的 php 表单上单击提交时,登录页面是空白的,并且它没有向数据库提交日期。它以前有效(我一定做错了什么)并且实际上偶尔(极少)有效,尽管我不知道为什么。以下是表单的登录页面。下面是表格本身。我对此很陌生,因此感谢任何帮助/评论。

表单登陆页面

 <?php
    session_start();
    if(isset($_SESSION['myusername']))
    if ($_POST['title'] == '' or $_POST['story'] == '' or $_POST['city'] == '' or $_POST['province'] == '' ) {
    $_SESSION['error1'] = "All fields required!";
    header("Location: debate.php");
    print "issue";
    }
    else {
    include 'config.php';
    if (get_magic_quotes_gpc())
    {
    function stripslashes_deep($value)
    {
    $value = is_array($value)?
    array_map('stripslashes_deep',$value):
    stripslashes($value);
    return $value;
    }

    $_POST = array_map('stripslashes_deep',$_POST);
    $_GET = array_map('stripslashes_deep',$_GET);
    $_COOKIE = array_map('stripslashes_deep',$_COOKIE);
    $_REQUEST = array_map('stripslashes_deep',$_REQUEST);
    }
    $name = mysql_real_escape_string($_POST['title']);
    $content = mysql_real_escape_string($_POST['story']);
    $city = mysql_real_escape_string($_POST['city']);
    $province = mysql_real_escape_string($_POST['province']);
    $query = "INSERT INTO comments(commentusername, commentcontent, status, debateid, city, province) VALUES ('.$name.','.$content.','0','1','.$city.','.$province.')";
    $result=mysql_query($query,$conn);
    $_SESSION['error1'] = "Thank you for your submission!";
    header("Location: debate.php");
    print "issue";
    mysql_close();
    }?>

提交表格

提交表单编码。

<!-- comment form -->
<div style="position:absolute;left:600px;top:750px;border-style:solid;border-color:#970033;background-color:black;border-width:4px;">
<div align="center"><strong><font color="white"><b>Join the debate</b></font></strong></div>
<form action="cposting.php" method="post">
    <TABLE WIDTH="60%">
     <tr>
      <td>Name:<input type="text" name="title" SIZE="35"> </td>
 <tr>
      <td>City:<br><input type="text" name="city" SIZE="35"> </td>
     </tr>
<tr>
      <td>Province:<input type="text" name="province" SIZE="35"> </td>
     </tr>
     <tr><td>Comment<br></td></tr>
       <tr width="80%">

      <td><TEXTAREA NAME="story" ROWS="5" COLS="30"></TEXTAREA></td>
     </tr>
 <td><input type="submit" value="Post"></td></tr>
</table>
</form>

我真的很感谢你的帮助。谢谢!

下面的代码用于管理员审批页面。这是我第一次发布评论的地方(如果我让浏览器保持打开状态,还有后续的帖子),但不要在此之后发布。

<?php
session_start();
if(isset($_SESSION['myusername'])) 
if($_SESSION['myusername'] == "Bobert") {
?>
<html>
<title>Discourse Magazine</title>
<head>
</head>
<body background="" style="background: url() no-repeat;  background-size: 100%;">

<?php
include 'config.php';

print '<h4>'.'Welcome back:'.'&nbsp'.$_SESSION['myusername'].'</h4>';
?>
<div style="float:left;border-style:solid;border-width:2px;"><img style="z-index:1;height:200px;" src="/favicon.png" alt="" /></div><br><br><br><br><br><br><br><br><br><br><br><br><br>
Approving Comments (listed oldest to newest)
<?php
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}


if ($conn) {

$SQL = "SELECT * FROM comments where status = '0' ORDER BY commentid";
$result = mysql_query($SQL,$conn) OR die(mysql_error());
while ($row = mysql_fetch_array($result)) {


$rows=mysql_num_rows($result);
$capproveidid = $row['commentid'];
$cdeleteid = $row['commentid'];
print '&nbsp';
print '<div style="background: url() no-repeat;overflow:auto;padding-top:3px;border-style:solid;border-width:5px;width:800px;">';
print '<p style="padding-left:5px;">'.'<u>'.'<strong>'. $row['commentusername'].'</strong>'.'</u>' .'<br>'. $row['commentcontent'] .'<br>'.'<br>'.'</p>';
?>

<form action="approve.php" method="post">
<input type="hidden" name="capproveidid" value="<?php echo $capproveidid;?>"/>
<input type="submit" value="Approve">
</form>
<form action="cdelete.php" method="post">
<input type="hidden" name="cdeleteid" value="<?php echo $cdeleteid;?>"/>
<input type="submit" value="Delete">
</form>

<?php
print '</div>';

}
}
else {
print "Database NOT Found ";
}
}
else{
header('Location: debate.php');
}
ob_end_flush();
?>
</body>
</html>
4

1 回答 1

1

您很可能没有正确格式化您的INSERT查询。通过在整个查询中使用双引号,您实际上是在发送...'.something.'....

您可以这样做:

$query = "INSERT INTO comments(commentusername, commentcontent, status, debateid, city, province) VALUES ('$name','$content','0','1','$city','$province')";

或这个:

$query = "INSERT INTO comments(commentusername, commentcontent, status, debateid, city, province) VALUES ('" . $name . "','" . $content . "','0','1','" . $city . "','" . $province . "')";

无论哪种方式,您都可以通过... or die(mysql_error());mysql_query. 此外,您可以只echo $query;查看正在发送的内容。

最后,您应该停止使用mysql_函数,因为它们已被弃用和使用mysqli_,或者PDO允许准备好的语句并防止 SQL 注入。

于 2012-11-28T18:36:07.217 回答