0

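I'm currently having a problem that prevents me from inserting the contents of a form on my website into my database. The form used to work, but since I added the tinyMCE editor, it throws the following error when I click the submit button: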

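You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'category='sdcnd j sdjcj', type='sdck sjdc' ,text='

cdscjdnjc ' at line 1 (the garbled input is for testing purposes only)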

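It seems to have trouble inserting several of the fields here, but I can't find anything. Can anyone point out what is causing this problem and a possible solution?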

Please see the insertRecord.php file below:

<?php

session_start();

if (! isset($_SESSION['user'])) {
   header("Location: admin_login.php");
   // Stop here: without exit the rest of the script still runs for unauthenticated requests.
   exit;
}

function valid($id, $url, $heading, $friendlyUrl, $category, $type, $text, $age, $imageName, $location, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Insert Records</title>
<script type="text/javascript" src="/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>

<script type="text/javascript">
tinyMCE.init({
    mode : "textareas"
});
</script>
</head>
<body>
<?php

if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>

<form action="" method="post">
<table border="1">
<tr>
<td colspan="2"><b><font color='Red'>Insert Records </font></b></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>URL<em>*</em></font></b></td>
<td><label>
<input type="text" name="url" value="<?php echo $url; ?>" />
</label></td>
</tr>

<tr>
<td width="179"><b><font color='#663300'>Heading<em>*</em></font></b></td>
<td><label>
<input type="text" name="heading" value="<?php echo $heading; ?>" />
</label></td>
</tr>

<tr>
<td width="179"><b><font color='#663300'>Friendly URL<em>*</em></font></b></td>
<td><label>
<input type="text" name="friendlyUrl" value="<?php echo $friendlyUrl; ?>" />
</label></td>
</tr>

<tr>
<td width="179"><b><font color='#663300'>Category<em>*</em></font></b></td>
<td><label>
<input type="text" name="category" value="<?php echo $category; ?>" />
</label></td>
</tr>

<tr>
<td width="179"><b><font color='#663300'>Type<em>*</em></font></b></td>
<td><label>
<input type="text" name="type" value="<?php echo $type; ?>" />
</label></td>
</tr>

<tr>
<td width="179"><b><font color='#663300'>Text<em>*</em></font></b></td>
<td><label>
<textarea name="text"><?php echo $text; ?></textarea>
</label></td>
</tr>

<tr>
<td width="179"><b><font color='#663300'>Age<em>*</em></font></b></td>
<td><label>
<input type="text" name="age" value="<?php echo $age; ?>" />
</label></td>
</tr>

<tr>
<td width="179"><b><font color='#663300'>Image Name<em>*</em></font></b></td>
<td><label>
<input type="text" name="imageName" value="<?php echo $imageName; ?>" />
</label></td>
</tr>

<tr>
<td width="179"><b><font color='#663300'>Location<em>*</em></font></b></td>
<td><label>
<input type="text" name="location" value="<?php echo $location; ?>" />
</label></td>
</tr>

<tr align="Right">
<td colspan="2"><label>
<input type="submit" name="submit" value="Insert Records">
</label></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}

include('config.php');

if (isset($_POST['submit']))
{

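// The form has no "id" field, so fall back to an empty value instead of reading an undefined index.
$id = isset($_POST['id']) ? $_POST['id'] : '';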
$url = mysql_real_escape_string(htmlspecialchars($_POST['url']));
$heading = mysql_real_escape_string(htmlspecialchars($_POST['heading']));
$friendlyUrl = mysql_real_escape_string(htmlspecialchars($_POST['friendlyUrl']));
$category = mysql_real_escape_string(htmlspecialchars($_POST['category']));
$type = mysql_real_escape_string(htmlspecialchars($_POST['type']));
$text = mysql_real_escape_string(htmlspecialchars($_POST['text']));
$age = mysql_real_escape_string(htmlspecialchars($_POST['age']));
$imageName = mysql_real_escape_string(htmlspecialchars($_POST['imageName']));
$location = mysql_real_escape_string(htmlspecialchars($_POST['location']));

if ($url == '' || $heading == '' || $friendlyUrl == '' || $category == '' || $type == '' || $text == '' || $age == '' || $imageName == '' || $location == '')
{

$error = 'Please enter the details!';

valid($id, $url, $heading, $friendlyUrl, $category, $type, $text, $age, $imageName, $location, $error);
}
else
{

mysql_query("INSERT podContent SET url='$url', heading='$heading' ,friendlyUrl='$friendlyUrl' category='$category', type='$type' ,text='$text' age='$age', imageName='$imageName' ,location='$location'")
or die(mysql_error());

 header("Location: view.php");
}
}
else
{
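// valid() takes eleven parameters; pass an empty string for each one.
valid('', '', '', '', '', '', '', '', '', '', '');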
}
?>

Any contribution is appreciated. Thanks.

4

2 Answers

2

Missing a comma:

friendlyUrl='$friendlyUrl', category='$category' and

text='$text', age='$age'

answered 2013-02-24T01:05:42.500
0

Your insert statement is incorrect. It should look like:

insert into <tablename>
(field1, field2, field3)
values 
(1, 'string ', 'string')

Your insert is done like an update statement

update <tablename> 
set
field2 = 'string',
field3 = 'string'
where field1 = 1
answered 2013-02-24T01:07:51.807
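
Added example, not part of either answer or of the asker's code: the same nine-column insert into podContent written with a PDO prepared statement, so the column list and its commas are generated from one array and the form values are bound instead of being spliced into the SQL string. The helper name `insertPodContent`, the use of PDO, and the in-memory SQLite database standing in for MySQL are assumptions made for the demo; the column names are the ones in the question.

```php
<?php
// Added example. Column names are those of podContent in the question.
const POD_COLUMNS = ['url', 'heading', 'friendlyUrl', 'category', 'type',
                     'text', 'age', 'imageName', 'location'];

// insertPodContent() is a hypothetical helper name, not from the page.
function insertPodContent(PDO $pdo, array $post): int
{
    $values = [];
    foreach (POD_COLUMNS as $col) {
        $raw = $post[$col] ?? '';
        // Reject missing fields and array-valued input such as text[]=x.
        if (!is_string($raw) || trim($raw) === '') {
            throw new InvalidArgumentException("Missing or invalid field: $col");
        }
        $values[$col] = $raw;
    }
    // implode() places every comma, so none can be dropped between columns.
    $columns = implode(', ', POD_COLUMNS);
    $marks = implode(', ', array_map(fn($c) => ":$c", POD_COLUMNS));
    // Values travel as bound parameters; quotes in the editor HTML stay data.
    $stmt = $pdo->prepare("INSERT INTO podContent ($columns) VALUES ($marks)");
    $stmt->execute($values);
    return (int) $pdo->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE podContent (id INTEGER PRIMARY KEY, ' .
    implode(' TEXT, ', POD_COLUMNS) . ' TEXT)');

$post = [ // constructed sample submission, including the submit button
    'url' => 'http://example.test/a', 'heading' => 'Test heading',
    'friendlyUrl' => 'test-heading', 'category' => 'sdcnd j sdjcj',
    'type' => 'sdck sjdc', 'text' => "<p>it's a 'quoted' test</p>",
    'age' => '3', 'imageName' => 'a.png', 'location' => 'here',
    'submit' => 'Insert Records',
];
$id = insertPodContent($pdo, $post);
$stmt = $pdo->prepare('SELECT text FROM podContent WHERE id = ?');
$stmt->execute([$id]);
echo "row $id text: ", $stmt->fetchColumn(), "\n";
```

Against MySQL only the DSN passed to `new PDO(...)` changes. With bound parameters the `mysql_real_escape_string()` calls are no longer needed.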