1

我有一个用于向博客添加文章的小表单,表单处理是通过 JQuery

查询代码

 $(function() {$(".submit").click(function() {
var title = $("#title").val();
var article = $("#article").val();
var tags = $("#tags").val();
var category = $("#category").val();
var subcategory = $("#subcategory").val();
var username = $("#username").val();
var views = $("#views").val();
var earning = $("#earning").val();
var dataString = 'title='+ title + '&article='+ article + '&tags='+ tags + '&category=' + category + '&subcategory=' + subcategory + '&username=' + username + '&views=' + views + '&earning=' + earning;

if(title=='' || article=='' || tags=='' || category=='' || subcategory=='' || username=='' || views=='' || earning=='')
{

            $("#message-fail").fadeIn("slow");

setTimeout(function(){
    $("#message-fail").fadeOut("slow");
},5000);
}
else
{
$.ajax({
type: "POST",
url: "inc/add-article.php",
data: dataString,
success: function showSuccessMessage(){
        $("#message-success").fadeIn("slow");
                                    setTimeout(function(){


    $("#message-success").fadeOut("slow");
},5000);   
                                }
});
}
return false;
});
});

这是我的 add-article.php 文件

<?php









if($_POST)

{
$title=$_POST['title'];

$article= $_POST['article'];




$tags=$_POST['tags'];

$category=$_POST['category'];

$subcategory=$_POST['subcategory'];

$username=$_POST['username'];

$views=$_POST['views'];

$earning=$_POST['earning'];


$date = date('d-m-Y H:i:s');





$link = mysql_connect('localhost', 'root', 'bfggyys');

if (!$link) {

    die('Verbindung nicht möglich : ' . mysql_error());

}



// benutze Datenbank foo

$db_selected = mysql_select_db('blog', $link);

if (!$db_selected) {

    die ('Kann foo nicht benutzen : ' . mysql_error());

}

mysql_query("INSERT INTO articles SET title='".mysql_real_escape_string($title)."', article='".$article2."', tags='".mysql_real_escape_string($tags)."', category='".mysql_real_escape_string($category)."', subcategory='".mysql_real_escape_string($subcategory)."', username='".mysql_real_escape_string($username)."', views='".mysql_real_escape_string($views)."', earning='".mysql_real_escape_string($earning)."', date='".mysql_real_escape_string($date)."'");

}else { }



?>

我的问题是我不知道如何将文章中的值转换为正确的方式将其插入数据库,如果我现在插入一个帖子值不能插入,因为它停止在第一个空格符号上插入 mysql。我怎样才能正确地将它转义插入mysql数据库?

4

0 回答 0