News script inserting news data, but not editing news

So I've got this code working so it can insert news into its table, but the problem is editing the news afterwards if need be.

I've been trying different ways, but it seems to not be working full stop.

<? 
if(!$id)
echo("Please choose a page to edit..");
elseif($id==edit)
{
$select = mysql_query("select * from news where newsid = '$id'");
$article = mysql_fetch_array($select);
?>
<form action="edit-news.php?id=edited" method="post">
    Title:<br />
    <input name="readuser" type="text" value="<? echo("$article[title]");?>" size="70" />
Article Content:<br />
<textarea name="pageuser" cols="40" rows="6"><? echo("$article[text1]");?></textarea>
    <br />
    <br />
    <input type="submit" value="Update article" />
</form>
<?
}
elseif($page==edited)
{
$text1 = $_POST[pageuser];
$title = $_POST[readuser];
$updateit = mysql_query("update news set text1 = '$text1' AND title = '$title' where newsid = $id");
echo("Article updated");
}
?>

I get no error messages when visiting the page anymore (thankfully!!!) but it's just not editing the articles.

Assign a value to your text inputs and textareas so that they will display the article for editing:

<input name="title" size="40" maxlength="255" value="<?php echo htmlspecialchars($title); ?>">

<textarea name="text1"  rows="7" cols="30"><?php echo htmlspecialchars($text1); ?></textarea>

<textarea name="text2" rows="7" cols="30"><?php echo htmlspecialchars($text2); ?></textarea>

Also change <?php echo $PHP_SELF ?> to:

<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>

Side note: mysql_* is deprecated, use MySQLi or PDO with prepared statements. Your query is vulnerable to SQL Injection. A quick fix would be:

 mysql_query("SELECT * FROM news WHERE newsid='" . (int)$_GET['newsid'] . "'",$connect);

Also mysql_real_escape_string() is better than mysql_escape_string() because the latter doesn't respect the character set. Neither is better than a prepared statement though.

Try this:

UPDATE news SET title = '$title', dtime = NOW(), text1 = '$text1', text2 = '$text2' WHERE newsid = '$newsid'
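The answers above recommend prepared statements and a comma-separated SET list; the following is an added example, not code from the question or from either answer, showing the article update done that way with PDO. It assumes an in-memory SQLite database in place of the MySQL server, and the function name updateArticle and the sample values are made up for illustration; the table and column names are the ones from the question.

```php
<?php
// Added example: the edit-news update done with a PDO prepared statement.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (newsid INTEGER PRIMARY KEY, title TEXT, text1 TEXT)');
$pdo->exec("INSERT INTO news (newsid, title, text1)
            VALUES (1, 'Old title', 'Old text'), (2, 'Other', 'Untouched')");

/**
 * Update one article (hypothetical helper). Column assignments are separated
 * by commas, not AND, and every value is a bound parameter, never SQL text.
 */
function updateArticle(PDO $pdo, $newsid, string $title, string $text1): int
{
    // Reject anything that is not an integer id before touching the database.
    $id = filter_var($newsid, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('newsid must be an integer');
    }
    $stmt = $pdo->prepare(
        'UPDATE news SET title = :title, text1 = :text1 WHERE newsid = :id'
    );
    $stmt->execute([':title' => $title, ':text1' => $text1, ':id' => $id]);
    return $stmt->rowCount(); // number of rows changed
}

// Constructed sample input standing in for $_GET['id'] and the $_POST fields.
// The apostrophe would break a query built by string concatenation.
$changed = updateArticle($pdo, '1', "Today's news", '<b>Body</b> with "quotes"');
echo "rows changed: $changed\n";

$stmt = $pdo->prepare('SELECT title, text1 FROM news WHERE newsid = ?');
$stmt->execute([1]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Escape on output when re-populating the edit form, as the first answer does.
echo '<input name="title" value="'
    . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '">' . "\n";
echo '<textarea name="text1">'
    . htmlspecialchars($row['text1'], ENT_QUOTES, 'UTF-8') . '</textarea>' . "\n";

// A non-numeric id (such as the string "edit") is rejected before any query runs.
try {
    updateArticle($pdo, 'edit', 'x', 'y');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```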
