[英]Content Won't Update PHP & SQL
I have been working on small site admin but have run into an odd issue. 我一直在从事小型网站管理员的工作,但遇到了一个奇怪的问题。 I am able to pull content from the data base in but can't seem to get it to update and insert it into the data base. 我能够从数据库中提取内容,但似乎无法更新它并将其插入数据库。 I would be thankful if anyone can look at this code and see why the content won't update. 如果有人可以看一下这段代码,看看为什么内容不会更新,我将非常感激。 Here is the page code. 这是页面代码。 I must be missing something. 我肯定错过了什么。
<?php include("../inc/approve-admin.php"); ?>
<?php include("../inc/connect.php"); ?>
<?php
$result = mysql_query("SELECT * FROM inventory ORDER BY id");
?>
<? while ($row = mysql_fetch_assoc($result)) {
$id = $row['id'];
$information = $row['information'];
$link = $row['link'];
$title = $row['title'];
}
?>
<!DOCTYPE HTML>
<?php
$description = "Fashion Franchise";
$keywords = "Fashion Franchise";
$body = "home";
require ("../inc/header.php");
?>
<script src="../js/jquery.validate.js" type="text/javascript"></script>
<!-- for styling the form -->
<script src="../js/cmxforms.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
$("#addResource").validate();
});
</script>
<script type="text/javascript" src="../js/tiny_mce/tiny_mce.js" ></script>
<script type="text/javascript">
tinyMCE.init({
mode : "textareas"
});
</script>
<body id="<?php echo htmlentities("$body") ?>">
<div class="container_12">
<!-- Nav -->
<?php include("../inc/nav-admin.php"); ?>
<!-- / Nav -->
<div class="grid_12"> </div>
<div class="grid_12"> </div>
<!-- Adimn List -->
<?php include("../inc/admin-list.php"); ?>
<!-- / Adimn List -->
<div class="grid_7" id="white" style="min-height:400px;">
<p style="text-align:center;padding-top:20px;">
<?
if(isset($_POST['title'])) {
$information = $_POST['information'];
$link = $_POST['link'];
$title = $_POST['title'];
$query = mysql_query("UPDATE inventory SET
title = '$title',
information = '$information',
link = '$link'
WHERE id = $id LIMIT 1 ;");
if($query) {
$message = $title . " has been updated";
}else{
$message = "an error occurred while updating this entry";
}
}
?>
</p>
<? if(isset($_POST['title'])) { ?>
<div id="content_holder">
<p style="text-align:center;padding-top:20px;">
<strong><? echo $message; ?></strong><br/>
<span class="error"><? if($error_message) { echo $error_message; } ?></span>
Select a category on the left to continue editing</p>
<!-- end content_holder -->
</div>
<? }else{ ?>
<form action="inventory.php?id=<?=$id?>" enctype="multipart/form-data" name="addResource" id="addResource" method="post" class="cmxform">
<table cellpadding="10px;" cellspacing="5" width="100%" align="left" valign="top">
<tr><td colspan="2"><h1>Edit Inventory Resources</h1></td></tr>
<tr>
<td width="50%">
<span class="formTitle">General Information</span><br/>
<label>*Title</label><br/>
<input id="title" name="title" class="required" value="<?=$title?>"/>
</td>
<td width="50%"><br/>
<label>*Dropbox Link</label><br/>
<input id="link" name="link" class="required" value="<?=$link?>"/>
</td>
</tr>
<tr>
<td colspan="2">
<hr/>
</td>
</tr>
<tr><td colspan="2">
<textarea style="width: 510px; height: 400px; font-size: 12px;" id="information" name="information"><?=$information?></textarea>
</td></tr>
<tr>
<td colspan="2">
<hr/>
</td>
</tr>
<tr align="right"><td colspan="2">
<input type="submit" value="Update Inventory Resources" class="submit" /> <a href="index.php" class="cancel">Cancel</a><br/><br/>
</td></tr>
</form>
</table>
</div>
<?php include("../inc/footer.php"); ?>
<!-- / Container_12 -->
</div>
</body>
</html>
<?php
mysql_close();
?>
<? } ?>
The problem is a quote mark in your text: 问题是文本中的引号:
's standard dummy text ever since the 1500s, when an unknown printer took a galle 自1500年代以来的,它是标准的伪文本,当时一台未知的打印机冒着大风
Fastest solution is to escape everything before inserting into the table: 最快的解决方案是在插入表之前对所有内容进行转义:
$information_to_insert = mysql_real_escape_string($_POST['information']);
$link_to_insert = mysql_real_escape_string($_POST['link']);
$title_to_insert = mysql_real_escape_string($_POST['title']);
$id = (int)$id; // Cast this as an integer to also make it safe
$query = mysql_query("UPDATE inventory SET
title = '$title_to_insert',
information = '$information_to_insert',
link = '$link_to_insert'
WHERE id = $id LIMIT 1 ;");
Then, later where you display, you also need to make safe for display: 然后,在稍后显示的地方,还需要确保显示安全:
$information_to_display = htmlentities($_POST['information']);
$link_to_display = htmlentities($_POST['link']);
$title_to_display = htmlentities($_POST['title']);
BUT - check out PDO Prepared statements as advised in comments. 但是-请按照注释中的建议检出PDO准备好的语句。 Start now before you're forced to change all your code over in a few years. 从现在开始,然后在几年内您被迫更改所有代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.