我的mysql_real_escape_string被忽略。這讓我很難過,因爲我覺得我錯過了很小的東西。mysql_real_escape_string不工作
的$的htmlText變量來自哪裏文本呈現爲HTML即與標籤等TinyMCE的編輯
<?php
/*--------GLOBAL PROCEDURES--------*/
session_start();
require "../scr/config-data.php.inc";
mysql_connect($host,$username,$password) or die
("Could Not Connect".mysql_error());
mysql_select_db($db) or die ("Could Not Connect".mysql_error());
/*-----SEVERAL SELECT/INSERT QUERIES, ALL WORKING FINE-----*/
/*--------SPECIFIC PROCEDURES-------*/
if($_POST['submit']){
//Check that POS has been chosen
$htmlText = mysql_real_escape_string($_POST['cust']);
if($htmlText != ""){
mysql_query("INSERT INTO table VALUES(NULL, '$htmlText')") or die(mysql_error());
}else{
$feedback = "Please Enter some text into the editor";
}
}
/*--------CLOSING PROCEDURES-------*/
mysql_close();
?>
奇怪的是,它是改編自這樣的作品,只有改變變量的腳本名。我在MySQL語法中遇到錯誤。它也沒有逃避文本中的HTML,所以我得到這個錯誤:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order VALUES(NULL, '
sfgafgafs
')' at line 1
什麼錯誤信息,你得到什麼例如輸入? – Gumbo 2011-01-21 14:26:08
給出上述錯誤信息,但逃脫當特定領域應該是
sfgafgafs
,但它呈現爲HTML – 2011-01-21 14:27:14您的表名爲「訂單」?嘗試將其更改爲``order``(反引號) – labue 2011-01-21 14:29:04