[英]Textarea breaking MySQL UPDATE query
是否存在一個普遍的問題,如果它的文本多於單個句子,會導致我的文本區域中斷更新查詢?
當我僅輸入一個句子時,更新查詢運行良好,但除句子之外的任何內容都使查詢中斷。
這是表單代碼:
<form id="cp_files_admin_form" method="post" enctype="multipart/form-data">
<label>File Manager Login Text</label>
<input id="login_text" type="text" name="login_text" value="File Manager Login">
<hr>
<label>File Manager Login Logo</label>
<input id="login_logo" type="file" name="login_logo">
<hr>
<label>Main Left Logo</label>
<input id="main_left_logo" type="file" name="main_left_logo">
<hr>
<img class="form-img" src="" alt="">
<label>Main Center Logo</label>
<input id="main_center_logo" type="file" name="main_center_logo">
<hr>
<label>File Manager Instructions Text</label>
<textarea id="instructions_text" name="instructions_text" style="width:630px;height:150px;"></textarea>
<input id="submit" type="submit" value="Submit">
</form>
這是jQuery代碼:
$(document).ready(function() {
// Update CMS
$(document).on('click', '#submit', function() { // catch the form's submit event
// Send data to server through the ajax call
// action is functionality we want to call and outputJSON is our data
// fetch the data for the form
var data = $('#cp_files_admin_form').serialize();
console.log('Form Data Before Sent: '+data);
$.ajax({
url: 'update.php',
data: data,
type: 'GET',
async: 'true',
dataType: 'json',
success: function (result) {
if(result.status) {
alert('CMS Update Successful!');
getCMS();
} else {
alert('CMS Update unsuccessful!');
}
},
error: function (request,error) {
// This callback function will trigger on unsuccessful action
alert('Network error has occurred please try again!');
}
});
return false; // cancel original event to prevent form submitting
});
});
這是update.php代碼:
<?php
header("Access-Control-Allow-Origin: *");
require_once("debug/chromephp.php");
$formData = $_GET;
ChromePhp::log('$_GET Data: '.$formData['instructions_text']);
require_once("config.php");
$login_text = $formData['login_text'];
//$login_logo = $formData['login_logo'];
//$main_left_logo = $formData['main_left_logo'];
//$main_center_logo = $formData['main_center_logo'];
$instructions_text = $formData['instructions_text'];
$sql="UPDATE cp_cms SET login_text='$login_text', instructions_text='$instructions_text' WHERE id = 1";
$result = mysql_query($sql);
if($result) {
// Success
$output = array('status' => true, 'massage' => 'Success!');
echo json_encode($output);
} else {
// Failed
$output = array('status' => false, 'massage' => 'Failed!');
echo json_encode($output);
}
?>
表結構的屏幕截圖:
任何幫助深表感謝。
嘗試此操作,它可以防止表單中的條目破壞SQL查詢。 這也稱為SQL注入攻擊...
$sql="UPDATE cp_cms SET login_text='".
mysql_real_escape_string($login_text)."', instructions_text='".
mysql_real_escape_string($instructions_text)."' WHERE id = 1";
但是請看一下PDO,它更安全,更容易...
編輯:我挖了一些PDO示例: http : //www.phpeveryday.com/articles/PDO-Prepared-Statement-P552.html
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.