0

我很久以前创建了这段代码而且我在日常使用后开始注意到它不会输入某些类型的数据。例如,当我从http://en.wikipedia.org/wiki/Pangram复制所有 panagram 时,它不会工作,它会拉出定义的错误“提交数据时出错”。我没有从 PHP 本身得到“真正的”错误。为什么这不能正常工作?谢谢您的帮助。看不见的变量..
$db = mysqli_connect('localhost','xx','xxx','xxxx') or die('error with connection');

提交系统

session_start();
if(!isset($_SESSION['user_id'])){
    header('Location: login.php');
    exit();
}
include('../includes/db_connect.php');
if(isset($_POST['submit'])){
    $newTitle = $_POST['newTitle'];
    $newPost = $_POST['newPost'];
    $newPostPreview = $_POST['newPostPreview'];
    $newCategory = $_POST['newCategory'];
    if(!empty($newPost))
        if(!empty($newTitle))
            if(!empty($newPostPreview)){
    $sql="INSERT INTO posts  (title, body, post_preview, category_id, posted)
VALUES('$newTitle', '$newPost', '$newPostPreview', '$newCategory', (now()))";
    $query = $db->query($sql);
    if($query){
            echo "Post entered to database";
        }else{
            echo "Error Submitting the data";
        }
    }else{
        echo "One Or more Required forms was not filled!";
    }
}

文本区域和东西

    <br><textarea name="newPostPreview" placeholder="Post Preview(Will Be Displayed on the Index Page)" cols="100"  rows="10"/></textarea>
<br><textarea name="newPost" placeholder="Post Text" cols="100"  rows="10"/></textarea><br>

<input type="submit" name="submit" value="submit"/>

请注意,它只适用于纯文本和英文内容,但有时它不会无缘无故地工作(只是普通的英文帖子,其中几乎没有格式,不会提交..)

4

1 回答 1

1

当您尝试插入具有特殊字符的字符串时,通常会出现此类问题。因此,我想建议在访问帖子值时使用 php 函数 mysql_real_escape_string(),例如:-

$newTitle = mysql_real_escape_string($_POST['newTitle']);

$newPost = mysql_real_escape_string($_POST['newPost']);

$newPostPreview = mysql_real_escape_string($_POST['newPostPreview']);

$newCategory = mysql_real_escape_string($_POST['newCategory']);

希望这会奏效

谢谢

于 2013-09-30T14:17:17.367 回答