-2

我想将 PDO 放入我的代码中,但我不知道将允许我这样做的编码放在哪里。我希望名称字段中的帖子能够输入为“mike's”,但当前设置不允许这样做。我需要 PDO,但我似乎无法找到应该放置代码的确切位置。

if (isset($_POST['submit'])) {
    $name = $_POST["element_1"];
    $stdatemm = $_POST["element_2_1"];
    $stdatedd = $_POST["element_2_2"];
    $stdateyy = $_POST["element_2_3"];
    $endatemm = $_POST["element_3_1"];
    $endatedd = $_POST["element_3_2"];
    $endateyy = $_POST["element_3_3"];
    $staddr = $_POST["element_4_1"];
    $addr2 = $_POST["element_4_2"];
    $city = $_POST["element_4_3"];
    $state = $_POST["element_4_4"];
    $zip = $_POST["element_4_5"];
    $desc = $_POST["element_5"];
//$file=$_FILES['element_6'];
    $link = $_POST["element_7"];
    $stdate = $stdatemm . "-" . $stdatedd . "-" . $stdateyy;
    $endate = $endatemm . "-" . $endatedd . "-" . $endateyy;
    $user = $_POST["postuser"];
    if (($_FILES['element_6']['size']) > '0') {

        $fileName = $_FILES['element_6']['name'];
        $tmpName = $_FILES['element_6']['tmp_name'];
        $fileSize = $_FILES['element_6']['size'];
        $fileType = $_FILES['element_6']['type'];

        if ($fileName != "") {
            if (move_uploaded_file($tmpName, '../login/image/' . $fileName)) {//image is a folder in which you will save image
                if (!get_magic_quotes_gpc()) {

//$fileName = addslashes($fileName);
                }
                $query = "INSERT INTO   test2($name,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user)VALUES('$name','$stdate','$endate','$staddr','$addr2','$city','$state','$zip','$fileName','$fileSize','$fileType','$content','$_POST[element_7]','$desc','$user')";
            }
        }
    }
    else
        $query = "INSERT INTO test2($name,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user)VALUES('$name','$stdate','$endate','$staddr','$addr2','$city','$state','$zip',' ','0',' ',' ','$_POST[element_7]','$desc','$user')";

    $q2 = mysql_query($query) or die('Error, query failed' . mysql_error());
    if ($q2) {
        echo "Active";
    } else {
        echo "error";
    }
}
$result = mysql_query("SELECT * FROM test2 ORDER BY stdate DESC");
$data = mysql_query("SELECT stdate FROM test2 ORDER BY id ASC");
$y = 1;
echo "<div style='min-height:500px;margin-top: 10px;'><table style='-moz-border-radius:  15px;border-radius: 15px;border-bottom:1px solid gray;background-color:white;margin:  auto;width: 75%;'><tr style='font-weight:bold;'><td></td><td>Title</td><td>Date</td> <td>City</td></tr>";

while ($row = mysql_fetch_array($result)) {
    echo "<tr><td><img src='../login/image/" . $row['name'] . "'  style='width: 125px;height: 94px;'></td>";
    echo "<td><form action='deals.php' method='post' style='margin:0px;'><input type='hidden' value='" . $row['fname'] . "' name='name'><input type='submit' style='background-color: white;
border: none;color: #FF0000;text-decoration: underline;' name='submit2'     value='" . $row['fname'] . "'></form><br/>";
    echo "</td><td>" . $row['stdate'] . "</td>";
    echo "</td><td>" . $row['city'] . "</td></tr>";
    $y++;
}
echo "</table></div>";
include("../login/footer.php");
?>
4

1 回答 1

1

您可以做的是使用 PDO 包装器。是我之前写过的一个示例(如果您愿意,可以使用它,假设您可以使用 GPL)。在正常使用中,您将包含该文件,然后实例化它的一个实例。

$dbi = DBConnection::getInstance();
$username = sanitize($_GET['username']);

$query = "SELECT * FROM Users WHERE Username=?";
$args = array($username);
$users = $dbi->execute($query, $args);
if($users['count'] > 0)
{
    foreach($users['result'] as $row)
    {
        echo $row['username'] . '<br />';
    }
}
$dbi = null;

您的查询之一的示例可能如下所示:

$query = "INSERT INTO test2(name, stdate, endate, addr1, addr2, city, state, "
             . "zip, name, size, type, content, link, description, user)"
             . " VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";

$args = array($name, $stdate, $endate, $staddr, $addr2, $city, $state,
                $zip, $fileName, $fileSize, $fileType, $content, 
                $_POST['element_7'], $desc, $user);
try {
    $dbi = DBConnection::getInstance();
    $dbi->execute($query, $args);
}
catch(PDOException $e) {
    error_log($e->getMessage());
}
$dbi = null;
于 2013-08-17T06:04:22.730 回答