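I am currently facing a problem that prevents me from inserting the contents of a form on my website into my database. The form used to work, but since adding the tinyMCE editor it raises the following error when I click the submit button:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'category='sdcnd j sdjcj', type='sdck sjdc' ,text='
cdscjdnjc ' at line 1 (the gibberish input is for testing purposes only)
It seems to have trouble inserting several of the fields here, but I can't find anything. Can anyone point out what is causing this problem and a possible solution?
Please see the insertRecord.php file below: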
<?php
session_start();
if (! isset($_SESSION['user'])) {
header("Location: admin_login.php");
exit; // stop here so the rest of the script never runs for visitors who are not logged in
}
function valid($id, $url, $heading, $friendlyUrl, $category, $type, $text, $age, $imageName, $location, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Insert Records</title>
<script type="text/javascript" src="/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
tinyMCE.init({
mode : "textareas"
});
</script>
</head>
<body>
<?php
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<table border="1">
<tr>
<td colspan="2"><b><font color='Red'>Insert Records </font></b></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>URL<em>*</em></font></b></td>
<td><label>
<input type="text" name="url" value="<?php echo $url; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Heading<em>*</em></font></b></td>
<td><label>
<input type="text" name="heading" value="<?php echo $heading; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Friendly URL<em>*</em></font></b></td>
<td><label>
<input type="text" name="friendlyUrl" value="<?php echo $friendlyUrl; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Category<em>*</em></font></b></td>
<td><label>
<input type="text" name="category" value="<?php echo $category; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Type<em>*</em></font></b></td>
<td><label>
<input type="text" name="type" value="<?php echo $type; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Text<em>*</em></font></b></td>
<td><label>
<textarea name="text"><?php echo $text; ?></textarea>
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Age<em>*</em></font></b></td>
<td><label>
<input type="text" name="age" value="<?php echo $age; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Image Name<em>*</em></font></b></td>
<td><label>
<input type="text" name="imageName" value="<?php echo $imageName; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Location<em>*</em></font></b></td>
<td><label>
<input type="text" name="location" value="<?php echo $location; ?>" />
</label></td>
</tr>
<tr align="Right">
<td colspan="2"><label>
<input type="submit" name="submit" value="Insert Records">
</label></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
include('config.php');
if (isset($_POST['submit']))
{
$id = isset($_POST['id']) ? $_POST['id'] : ''; // the form has no "id" field, so default to an empty string
$url = mysql_real_escape_string(htmlspecialchars($_POST['url']));
$heading = mysql_real_escape_string(htmlspecialchars($_POST['heading']));
$friendlyUrl = mysql_real_escape_string(htmlspecialchars($_POST['friendlyUrl']));
$category = mysql_real_escape_string(htmlspecialchars($_POST['category']));
$type = mysql_real_escape_string(htmlspecialchars($_POST['type']));
$text = mysql_real_escape_string(htmlspecialchars($_POST['text']));
$age = mysql_real_escape_string(htmlspecialchars($_POST['age']));
$imageName = mysql_real_escape_string(htmlspecialchars($_POST['imageName']));
$location = mysql_real_escape_string(htmlspecialchars($_POST['location']));
if ($url == '' || $heading == '' || $friendlyUrl == '' || $category == '' || $type == '' || $text == '' || $age == '' || $imageName == '' || $location == '')
{
$error = 'Please enter the details!';
valid($id, $url, $heading, $friendlyUrl, $category, $type, $text, $age, $imageName, $location, $error);
}
else
{
mysql_query("INSERT podContent SET url='$url', heading='$heading' ,friendlyUrl='$friendlyUrl' category='$category', type='$type' ,text='$text' age='$age', imageName='$imageName' ,location='$location'")
or die(mysql_error());
header("Location: view.php");
exit; // end the request once the redirect header has been sent
}
}
else
{
valid('', '', '', '', '', '', '', '', '', '', ''); // valid() takes 11 arguments: ten fields plus $error
}
?>
Any contributions are appreciated. Thanks.
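The INSERT in the post is assembled by hand, and it has no comma between the friendlyUrl and category assignments or between text and age, which is where MySQL reports the syntax error. The following is an added example, not part of the original post: it generates the column list from a fixed array and binds the values through PDO instead of interpolating them. The helper name insertPodContent, the in-memory SQLite table (used so the block runs offline) and the sample submission are assumptions; in the application the DSN would point at the MySQL database.

```php
<?php
// Added example (not from the original post). Runs offline against an
// in-memory SQLite table; in the application, point the DSN at MySQL.
const POD_COLUMNS = ['url', 'heading', 'friendlyUrl', 'category', 'type',
                     'text', 'age', 'imageName', 'location'];

// Hypothetical helper: validates the nine fields, then inserts them with
// bound parameters. Returns null on success or an error message.
function insertPodContent(PDO $pdo, array $post)
{
    $values = [];
    foreach (POD_COLUMNS as $col) {
        $value = isset($post[$col]) ? trim((string) $post[$col]) : '';
        if ($value === '') {
            return 'Please enter the details!';
        }
        $values[$col] = $value; // stored raw; apply htmlspecialchars() on output
    }
    // Column list and placeholders are generated from the fixed array above,
    // so a separator cannot be dropped and no user data reaches the SQL text.
    $cols  = '`' . implode('`, `', POD_COLUMNS) . '`';
    $marks = ':' . implode(', :', POD_COLUMNS);
    $stmt  = $pdo->prepare("INSERT INTO podContent ($cols) VALUES ($marks)");
    $stmt->execute($values); // each value is bound to the placeholder of the same name
    return null;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE podContent (`' . implode('` TEXT, `', POD_COLUMNS) . '` TEXT)');

// Constructed sample submission: quotes and markup of the kind a rich-text
// editor sends, which must not be able to change the statement.
$sample = [
    'url' => 'http://example.com/a', 'heading' => "It's a test",
    'friendlyUrl' => 'a-test', 'category' => 'sdcnd j sdjcj',
    'type' => 'sdck sjdc', 'text' => "<p>cdscjdnjc 'quoted'</p>",
    'age' => '3', 'imageName' => 'a.png', 'location' => 'here',
];
var_dump(insertPodContent($pdo, $sample));                     // complete form
var_dump(insertPodContent($pdo, ['url' => 'only one field'])); // incomplete form

// Escape when rendering, not before storage.
$row = $pdo->query('SELECT `text` FROM podContent')->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['text'], ENT_QUOTES, 'UTF-8'), "\n";
```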