Can Not Insert Link into MySql using Prepared Statement
I have created a form, which inserts data into a MySQL database. Here are the form fields; they are part of a <form>, but I have not displayed the whole form here, just the fields which are creating a problem.
<tr> <td>Top 728x90 As</td><td><textarea name='topad'><?=$r['topad']?></textarea></td></tr>
<tr> <td>Sidebar 250x250 Ad</td><td><textarea name='sidebarad'><?=$r['sidebarad']?></textarea></td></tr>
This part of the code processes the input and inserts it into the database.
if(isset($_POST['submit'])) {
$topad = $_POST['topad'];
$sidebarad = $_POST['sidebarad'];
$update = $connection->prepare("UPDATE site SET topad = '$topad' , sidebarad = '$sidebarad' WHERE id=1");
$update->execute(array());
}
The problem with this code is that it is not accepting/processing the part of the data involving the <a href="#"> & </a> code. This is not about escaping HTML characters, because all the other HTML tags like <img>, etc. are showing as they are, which is what I want.
So, whenever I insert an <a> tag, it just disappears; it neither gets inserted in the database nor shows up in the form after pressing the submit button.
UPDATE: When the link is inserted using double quotes, it gets accepted. If I use single quotes, it is not processed. E.g. <a href="someurl"> will be accepted in the DB, while <a href='someurl'> will not.
Why does this error happen?
The reason is that you are using a prepared statement but the values are not parameterized. Try below:
$topad = $_POST['topad'];
$sidebarad = $_POST['sidebarad'];
$update = $connection->prepare("UPDATE site SET topad = :topad , sidebarad = :sidebarad WHERE id=1");
$update->execute(array(':topad' => $topad, ':sidebarad' => $sidebarad));
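The difference between the question's statement and the answer's, as an added example that is not part of the original post or answer: it runs both against the two link forms from the UPDATE note. An in-memory SQLite database stands in for the MySQL connection, the function names updateInterpolated and updateBound are hypothetical, the sample links are constructed, and the error mode is set to exceptions so the failure is visible.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL connection (assumption).
$connection = new PDO('sqlite::memory:');
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$connection->exec("CREATE TABLE site (id INTEGER PRIMARY KEY, topad TEXT, sidebarad TEXT)");
$connection->exec("INSERT INTO site (id, topad, sidebarad) VALUES (1, '', '')");

// Constructed sample inputs, standing in for $_POST['topad'] / $_POST['sidebarad'].
$samples = [
    'double quotes' => '<a href="someurl">link</a>',
    'single quotes' => "<a href='someurl'>link</a>",
];

// The question's pattern (hypothetical wrapper): values are pasted into the SQL text.
function updateInterpolated(PDO $db, string $topad, string $sidebarad): string
{
    try {
        $stmt = $db->prepare("UPDATE site SET topad = '$topad' , sidebarad = '$sidebarad' WHERE id=1");
        $stmt->execute(array());
        return 'stored';
    } catch (PDOException $e) {
        // A single quote inside the value ended the SQL string literal early.
        return 'rejected: ' . $e->getMessage();
    }
}

// The answer's pattern (hypothetical wrapper): placeholders in the SQL, values bound separately.
function updateBound(PDO $db, string $topad, string $sidebarad): string
{
    $stmt = $db->prepare("UPDATE site SET topad = :topad , sidebarad = :sidebarad WHERE id=1");
    $stmt->execute(array(':topad' => $topad, ':sidebarad' => $sidebarad));
    return 'stored';
}

foreach ($samples as $label => $value) {
    echo "$label, interpolated: ", updateInterpolated($connection, $value, $value), "\n";
    echo "$label, bound:        ", updateBound($connection, $value, $value), "\n";
    // Read the row back to confirm the bound value was stored byte for byte.
    $row = $connection->query("SELECT topad FROM site WHERE id=1")->fetchColumn();
    echo "  stored value matches input: ", var_export($row === $value, true), "\n";
}
```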