textarea中的輸入將不會在mysql表中更新

Question

我創建了一個表單來更新我網站上的橫幅信息。除了輸入到名爲「desc」的「textarea」中的輸入外，一切似乎都會更新。代碼看起來不錯，它讓我瘋狂。

在此先感謝。

<html> 
<body> 



<form action="aupdate.php" method="POST" enctype="multipart/form-data"> 

    Your or your company's name:<br> 
    <input type="text" name="com" size="60"><br> 


    URL:<br> 
    <input type="text" name="url" size="80"><br> 


    Please enter the username that you will use to update your advertisement info:<br> 
    <input type="text" name="user" size="80"><br> 

    Please enter the password that you will use to update your advertisement info:<br> 
    <input type="text" name="pass" size="80"><br> 

    <br> 
    <br> 


<br> 
    File:<br> 
    <input type="file" name="image"> 

      advertisement description:<br> 

<textarea name="desc" id="desc" cols="35" rows="5" ></textarea> 

     <input type="submit" value="update your ad!"> 


    </form> 

<?php 

//connect to database 
require("connect.php"); 

//get user made username 
$user = $_POST['user']; 

//get user made password 
$pass = $_POST['pass']; 

//encrypt user made password 
$encpass = hash('sha256', $pass); 

//file properties 
$file = $_FILES['image']['tmp_name']; 

//initialize company name and description 
$com = $_POST['com']; 
$desc = $_POST['desc']; 
$url = $_POST['url']; 




//check to see if coupon code and other essential info entered 
if (!$user || !$pass) 
{ 
    echo "Please enter updated info with username and password."; 
} 
else 
{ 

//retrieve data from password table 
$query = mysql_query ("SELECT * FROM apartment WHERE pass = '$encpass' "); 

//get number of rows in table 
$numrows = mysql_num_rows ($query); 

//check if code is right or exists 
if ($numrows !=0) 
{ 

    // code to login 
    while ($row = mysql_fetch_assoc ($query)) 
    { 
     //retrieve code from database to match with the code that was put into field 
     $dbuser = $row['user']; 
     $dbpass = $row['pass']; 
    } 

    //check to see if they match 
    if ($user == $dbuser && $encpass == $dbpass) 
    { 


    //check to see if a file has even been submitted 
    if (!$file) 
    { 

     echo "please upload image"; 
    } 
    else 
    { 
     //get image file attributes 
    $image = addslashes(file_get_contents ($_FILES['image']['tmp_name'])); 
    $image_name = addslashes($_FILES['image']['name']); 
    $image_size = addslashes(getimagesize($_FILES['image']['tmp_name'])); 

    //check if image file size is right 
    if ($image_size==FALSE) 
     echo "that's not an image."; 
    else 
    { 


mysql_query ("UPDATE apartment SET desc = '$desc' WHERE user ='$user'"); 
mysql_query ("UPDATE apartment SET name = '$image_name' WHERE user ='$user'"); 
mysql_query ("UPDATE apartment SET com = '$com' WHERE user ='$user'"); 
mysql_query ("UPDATE apartment SET url = '$url' WHERE user ='$user'"); 
mysql_query ("UPDATE apartment SET image = '$image' WHERE user ='$user'"); 


      echo "advertisement successfully updated!"; 



    } 
    } 


} 
else 


    echo "Incorrect username or password."; 
} 
else 



    echo "Incorrect username or password."; 

} 

?> 
</body> 
</html> 

Answer 1

遞減的mysql reserved word括在反引號

和逃避用戶輸入與mysql_real_escape_string

$desc=mysql_real_escape_string($desc); 
    mysql_query ("UPDATE apartment SET `desc` = '$desc' WHERE user ='$user'"); 

你也可以提高你的更新查詢使用逗號來更新詢問分開場1次更新

mysql_query ("UPDATE apartment SET `desc` = '$desc',url='$url' WHERE user ='$user'");