
I'm trying to echo a table with information, specifically posts.

<?php
echo "
<div class='forum_banner'>
    <div style='float:left;'>
        <a href='?action=forum'>Forum</a>
        >
        <a href='?action=forum#".fetch_info(fetch_info(fetch_info($_GET['id'], 'board_id', 'topic'), 'category_id', 'board'), 'name', 'category')."'>".fetch_info(fetch_info(fetch_info($_GET['id'], 'board_id', 'topic'), 'category_id', 'board'), 'name', 'category')."</a>
        >
        <a href='?action=board&id=".fetch_info($_GET['id'], 'board_id', 'topic')."'>".fetch_info(fetch_info($_GET['id'], 'board_id', 'topic'), 'name', 'board')."</a>
        >
        <a href='?action=topic&id=".$_GET['id']."'>".fetch_info($_GET['id'], 'name', 'topic')."</a>
    </div>";
    if (isset($_SESSION['id']))
    {
        echo "
        <div style='float:right;'>
            <form method='post' action='?action=create&type=reply&id=".$_GET['id']."'>
                <input type='submit' value='Reply'/>
            </form>
        </div>";
    }
    echo "
</div>";


echo "
<div class='content'>
    <table class='forum_table'>";
        $query = mysql_query("SELECT * FROM post WHERE topic_id='".$_GET['id']."' ORDER BY time ASC") or die(mysql_error());

        echo "
        <tr>
            <td class='table_header' colspan='2'>
                <b>".fetch_info($_GET['id'], 'name', 'topic')."</b>
            </td>
        </tr>";
        while($query_fetch = mysql_fetch_assoc($query))
        {
            // Fix: the edit-date expression below was joined with '+', which
            // coerces the preceding HTML string to 0 and swallows it; use '.'
            echo "
            <tr>
                <td class='forum_table_cell_post' width='25%'>
                    <ul class='post_info'>
                        <li><b><a href='?action=user&id=".$query_fetch['creator']."'>".fetch_info($query_fetch['creator'], 'name', 'user')."</a></b></li>
                        <li>".fetch_info($query_fetch['creator'], 'rank', 'user')."</li>
                        <li style='max-width:128px; max-height:128px; overflow:hidden;'><img src='".fetch_info($query_fetch['creator'], 'avatar', 'user')."' /></li>
                        <li>Posts: ".count_post($query_fetch['creator'])."</li>
                        <li>Reputation: ".(fetch_info($query_fetch['creator'], 'reputation', 'user')>0 ? ('<font color="#007D00">+'.fetch_info($query_fetch['creator'], 'reputation', 'user').'</font>') : (fetch_info($query_fetch['creator'], 'reputation', 'user')<0 ? ('<font color="#7D0000">'.fetch_info($query_fetch['creator'], 'reputation', 'user').'</font>') : ('<font color="#000000">'.fetch_info($query_fetch['creator'], 'reputation', 'user').'</font>')))."</li>
                    </ul>
                </td>
                <td class='forum_table_cell_post' width='75%'>
                    <ul class='post_info'>
                        <li><i>".convert_date($query_fetch['time']) . ($query_fetch['edit']=='0000-00-00 00:00:00' ? '' : (', last edit: '.convert_date($query_fetch['edit'])))."</i></li>
                        <div class='spacer'></div>
                        <li>".$query_fetch['body']."</li>
                        ".(fetch_info($query_fetch['creator'], 'signature', 'user') ? '<div class=\'spacer\'></div>' : '')."
                        <li>".fetch_info($query_fetch['creator'], 'signature', 'user')."</li>
                    </ul>
                </td>
            </tr>
            ";
        }
        echo "
    </table>
</div>";
?>

This is what I end up with (HTML output):

<div class='forum_banner'>
    <div style='float:left;'>
        <a href='?action=forum'>Forum</a>
        >
        <a href='?action=forum#General'>General</a>
        >
        <a href='?action=board&id=1'>General discussion</a>
        >
        <a href='?action=topic&id=1'>First topic</a>
    </div>
        <div style='float:right;'>
            <form method='post' action='?action=create&type=reply&id=1'>
                <input type='submit' value='Reply'/>
            </form>
        </div>
</div>
<div class='content'>
    <table class='forum_table'>
        <tr>
            <td class='table_header' colspan='2'>
                <b>First topic</b>
            </td>
        </tr>0</i></li>
                        <div class='spacer'></div>
                        <li>Nice first post!</li>
                        <div class='spacer'></div>
                        <li>"Non incautus futuri"</li>
                    </ul>
                </td>
            </tr>
            0</i></li>
                        <div class='spacer'></div>
                        <li>This is the first topic ever made! This is the first topic ever made! This is the first topic ever made!</li>
                        <div class='spacer'></div>
                        <li>"Non incautus futuri"</li>
                    </ul>
                </td>
            </tr>

    </table>
</div>

The php file is "included" in index.php like this: "include 'topic.php'", and it can echo a table of data from my database. Why does this happen? Also, this is my stylesheet:

body {margin:0; padding:0; width:100%; background-color:#F0F2F3; font-family: 'Calibri', sans-serif; font-size:16px; background-image:url(img/pattern.png); background-repeat:repeat;}

p {margin:0; padding:0 0 5px 0;}
a:link,a:visited {color:#003399; text-decoration:none;}
a:hover,a:active,a:focus {color:#FF9933;}
input[type='textbox'],input[type='password'] {margin:0; padding:2px; height:16px; border:1px solid #CCCCCC; background-color:#FFFFFF; color:#000000;}
input[type='submit'] {cursor:pointer; margin:0; height: 22px; padding:2px 6px; border:1px solid #CCCCCC; background-color:#FFFFFF; color:#000000;
-webkit-transition: background 0.4s linear, color 0.4s linear;
-moz-transition: background 0.4s linear, color 0.4s linear;}
input[type='submit']:hover,input[type='submit']:focus {background-color:#99CCCC; color:#FFFFFF;
-webkit-transition: background 0.4s linear, color 0.4s linear;
-moz-transition: background 0.4s linear, color 0.4s linear;}
img {margin:0; padding:0; border:none;}

.page_wrapper {margin:0 auto; padding:0; width:900px;}

#header_area {margin:0; padding:0; width:100%;}
#header_box {margin:0; padding:0; width:900px;}
#header {float:left; margin:30px auto; padding:0;}

#user_panel {float:right; margin:26px auto; height:40px;}

#menu {margin:0; padding:0; list-style-type:none; width:100%; border:1px solid #CCCCCC; border-bottom:none; background-color:#FFFFFF; overflow:hidden;}
#menu li {margin:0; padding:0;}
#menu a:link,#menu a:visited {float:left; margin:0; border-right:1px solid #CCCCCC; padding:10px 25px; color:#000000; background-color:#FFFFFF; text-decoration:none; font-weight:bold;
-webkit-transition: background 0.4s linear, color 0.4s linear;
-moz-transition: background 0.4s linear, color 0.4s linear;}
#menu a:hover,#menu a:active,#menu a:focus {background-color:#99CCCC; color:#FFFFFF;
-webkit-transition: background 0.4s linear, color 0.4s linear;
-moz-transition: background 0.4s linear, color 0.4s linear;}

#content_area {margin:0; padding:0; width:100%;}
#content_box {margin:0; padding:0; width:900px; border:1px solid #CCCCCC; background-color:#FFFFFF; overflow:hidden;}
#home_sidebar {margin:0; padding:0; width:30%; float:left;}
#home_content {margin:0; padding:0; width:70%; float:right;}
.content {height:2000px; margin:10px; padding:0; overflow:hidden;}

.small_box {margin:0 150px; padding:0; border:1px solid #CCCCCC;}

.forum_table {margin:0; padding:0; border:none; width:100%;}
.forum_table_cell {margin:0; padding:0px 10px; background-color:#F0F2F3; height:60px;}
.forum_table_cell_post {margin:0; padding:10px; background-color:#F0F2F3; vertical-align:text-top;}
.table_header {padding:0 10px; margin:0; height:30px; font-size:18px; background-color:#FF9933;}

.spacer {margin:5px 0; padding:0; border-top:1px solid #CCCCCC;}

.forum_banner {margin: 10px 10px 0 10px; overflow:hidden; height:22px;}

.post_info {list-style-type:none; padding:0; margin:0;}
.post_info li {margin:2px 0 0 0; padding:0; vertical-align:text-top;}

1 Answer


The html looks like a mess.

The first thing you should do is make sure you generate valid html:

  • Don't put <div> elements as direct children of a <ul>;
  • Use htmlspecialchars on all variables you output into the html, to make sure those values can't break the html.
  • Use &gt; instead of >

Furthermore, your query has an sql injection hole. You should switch to PDO (or mysqli) with prepared statements and bound variables to avoid this, or at least cast your $_GET variable to int if it's an integer / use mysql_real_escape_string if it's a string.

answered 2013-02-09T14:05:55.747
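The post loop rewritten the way the answer recommends, as an added example (not the asker's or answerer's code): the topic id is validated as an integer and bound through a PDO prepared statement, and every value is passed through htmlspecialchars before it reaches the page. It assumes a PDO connection in `$pdo`, a `user` table with `id`, `name`, `rank` and `signature` columns matching the question's `fetch_info` calls, and the question's `convert_date` helper.

```php
<?php
// Added example: hardened post loop using PDO prepared statements and
// htmlspecialchars. Assumes $pdo (PDO connection), the question's
// convert_date(), and post/user tables as used in the question's code.

// Escape every value before it is written into the HTML.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Validate the topic id first: integers >= 1 only, anything else is rejected.
$topicId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($topicId === false || $topicId === null) {
    http_response_code(400);
    exit('Invalid topic id');
}

// Bound parameter instead of string concatenation: the id travels to MySQL
// separately from the SQL text, so it can never alter the query.
$stmt = $pdo->prepare(
    'SELECT p.creator, p.time, p.edit, p.body, u.name, u.rank, u.signature
       FROM post AS p
       JOIN user AS u ON u.id = p.creator
      WHERE p.topic_id = :topic
      ORDER BY p.time ASC'
);
$stmt->execute([':topic' => $topicId]);

echo "<table class='forum_table'>\n";
while ($post = $stmt->fetch(PDO::FETCH_ASSOC)) {
    // '.' concatenates; the question's '+' coerced the HTML string to 0.
    $dates = convert_date($post['time'])
        . ($post['edit'] === '0000-00-00 00:00:00' ? '' : ', last edit: ' . convert_date($post['edit']));

    echo "<tr>\n";
    echo "  <td class='forum_table_cell_post' width='25%'><ul class='post_info'>\n";
    echo "    <li><b><a href='?action=user&amp;id=" . h($post['creator']) . "'>" . h($post['name']) . "</a></b></li>\n";
    echo "    <li>" . h($post['rank']) . "</li>\n";
    echo "  </ul></td>\n";
    echo "  <td class='forum_table_cell_post' width='75%'><ul class='post_info'>\n";
    echo "    <li><i>" . h($dates) . "</i></li>\n";
    // The body is user-supplied content: escaping it here is what prevents stored XSS.
    echo "    <li>" . nl2br(h($post['body'])) . "</li>\n";
    echo "    <li>" . h($post['signature']) . "</li>\n";
    echo "  </ul></td>\n";
    echo "</tr>\n";
}
echo "</table>\n";
```

The `<div class='spacer'>` rows from the original are dropped because a `<div>` is not valid directly inside a `<ul>`; a `<li class='spacer'>` or a CSS border on the following `<li>` gives the same visual separation.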