当前位置: 文江博客 话题详情

使用tiny mce作为富文本编辑器。尝试将代码示例添加为博客文章时出现错误。网站使用php-mysql

发布于 2024-11-29 06:57:01 字数 1574 浏览 1 评论 0 原文

我正在使用tinymce作为文本区域。将内容添加到数据库的php代码如下:

mysql_select_db('rough_site');
if(($_POST['post_content'] != ''))
{
$current_date= date("Y-m-d");
//$content_of_post = stripslashes($_POST['post_content']);
$content_of_post=$_POST['post_content'];
//$post_title=$_POST['post_title'];
if(($_POST['post_title']) =='')
{
$post_title="Untitled".time();
}
$addpost = "INSERT into posts (user_name, post_title ,                 post_content,post_total,post_date)
VALUES ( '$_SESSION[user_name]' , '$post_title' , '$content_of_post', 0  ,                '$current_date') " ;
if(!$confirmpost)
{
echo "Problem adding your post . Please resubmit it . " ."<br/>" . mysql_error();
}

现在,如果我尝试添加一些php代码作为示例,它会给我这样的错误:

添加您的帖子时出现问题。请重新提交。 您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,了解在“/em>”附近使用的正确语法); 打印$密码。 “是mypassword的加密版本&”在第 2 行。

这里出了什么问题?谢谢!

我想添加的示例代码:

<?php 
$password = crypt('mypassword'); 
print $password . “ is the encrypted version of mypassword”; 

?> 


<?php 
$password = crypt('mypassword' , 'd4'); 
print $password . " is the CRYPT_STD_DES version of mypassword<br>"; 
$password = crypt('mypassword' , 'k783d.y1g'); 
print $password . " is the CRYPT_EXT_DES version of mypassword<br>"; 
$password = crypt('mypassword' , '$1$d4juhy6d$'); 
print $password . " is the CRYPT_MD5 version of mypassword<br>"; 
$password = crypt('mypassword' , '$2a$07$kiuhgfslerd...........$'); 
print $password . " is the CRYPT_BLOWFISH version of mypassword<br>"; 
?>
原文

I`m using tinymce for the textarea .The php code that adds the content to database is below:

mysql_select_db('rough_site');
if(($_POST['post_content'] != ''))
{
$current_date= date("Y-m-d");
//$content_of_post = stripslashes($_POST['post_content']);
$content_of_post=$_POST['post_content'];
//$post_title=$_POST['post_title'];
if(($_POST['post_title']) =='')
{
$post_title="Untitled".time();
}
$addpost = "INSERT into posts (user_name, post_title ,                 post_content,post_total,post_date)
VALUES ( '$_SESSION[user_name]' , '$post_title' , '$content_of_post', 0  ,                '$current_date') " ;
if(!$confirmpost)
{
echo "Problem adding your post . Please resubmit it . " ."<br/>" . mysql_error();
}

now if i try to add some php code as example it gives me error like this :

Problem adding your post . Please resubmit it .
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/em>');
print $password . “ is the encrypted version of mypassword&' at line 2 .

What is wrong here ? Thankx!

example code I wanted to add :

<?php 
$password = crypt('mypassword'); 
print $password . “ is the encrypted version of mypassword”; 

?> 


<?php 
$password = crypt('mypassword' , 'd4'); 
print $password . " is the CRYPT_STD_DES version of mypassword<br>"; 
$password = crypt('mypassword' , 'k783d.y1g'); 
print $password . " is the CRYPT_EXT_DES version of mypassword<br>"; 
$password = crypt('mypassword' , '$1$d4juhy6d
); 
print $password . " is the CRYPT_MD5 version of mypassword<br>"; 
$password = crypt('mypassword' , '$2a$07$kiuhgfslerd...........
); 
print $password . " is the CRYPT_BLOWFISH version of mypassword<br>"; 
?>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

書生途 2024-12-06 06:57:02

您应该在从表单收到的输入上使用 mysql_real_escape_string

$content_of_post = mysql_real_escape_string($_POST['post_content']);

此外,如果您有 $_POST['post_title'],则不会设置您的 $post_title代码>设置。这也会导致 SQL 错误。应该是这样的:

$post_title=(!empty($_POST['post_title']))?$_POST['post_title']:"Untitled".time();

另外,直接将输入数据附加到 sql 查询中是一种非常糟糕的做法。考虑使用 mysqli准备好的语句

You should use mysql_real_escape_string on the input you receive from form:

$content_of_post = mysql_real_escape_string($_POST['post_content']);

Also, your $post_title is not being set if you have $_POST['post_title'] set. This will also end up in an SQL error. Should be something like:

$post_title=(!empty($_POST['post_title']))?$_POST['post_title']:"Untitled".time();

Also, appending input data into sql query directly is a very bad practice. Consider using mysqli and prepared statemnts

回复 原文
猥︴琐丶欲为 2024-12-06 06:57:02

我猜您需要在发布到数据库之前转义您的输入。看来您的查询在第一个“引用”处中断,这是有道理的。

由于您使用的是旧版 mysql 扩展,请查看 此页面 因此,

在分配 $addpost 变量之前,您应该执行类似的操作:

$content_of_post = mysql_real_escape_string($content_of_post);

顺便说一句,您应该对所有字段执行此操作,以降低 mySQL 注入攻击的风险。希望我的猜测是正确的,这会有所帮助。

I'm guessing that you need to escape your input before posting to the database. It looks like your query breaks at the first 'quote' which makes sense.

Since you're using the legacy mysql extension have a look at this page on the manual

So you would do something like this before assigning your $addpost variable:

$content_of_post = mysql_real_escape_string($content_of_post);

You should do that for all fields, by the way, to reduce the risk of mySQL injection attacks. Hope I'm right in guessing and that this helps.

回复 原文
~没有更多了~

关于作者

待"谢繁草

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文