<?PHP
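/**
 * Thin connection holder built on the legacy ext/mysql API.
 *
 * Constructing the object opens the connection, selects the schema and
 * sets the connection character set; the link resource is kept in $conn.
 *
 * NOTE(review): the mysql_* functions were deprecated in PHP 5.5 and
 * removed in PHP 7.0. New code should use mysqli or PDO with prepared
 * statements; this class keeps ext/mysql only so that existing callers
 * that rely on the implicit link keep working.
 */
class db
{
    // NOTE(review): credentials are hard-coded in source. Connecting as
    // root with a trivial password means any SQL injection through this
    // link runs with full server privileges. Use a dedicated account
    // limited to the needed tables, and load the secret from
    // configuration kept outside the web root and version control.
    public $server = "localhost";
    public $username = "root";
    public $password = "123456";
    public $dbname = "qianzhen";
    public $conn;

    /**
     * Class constructor: connect, select the database, set the charset.
     *
     * @throws RuntimeException when the connection or schema selection fails
     */
    public function __construct()
    {
        $this->conn = mysql_connect($this->server, $this->username, $this->password);
        if ($this->conn === false) {
            // Stop here instead of passing a false link to later calls.
            // The driver error text is kept out of the message so it
            // cannot end up in a page shown to the visitor.
            throw new RuntimeException("Database connection failed");
        }

        if (!mysql_select_db($this->dbname, $this->conn)) {
            throw new RuntimeException("Database selection failed");
        }

        // NOTE(review): SET NAMES changes the server-side charset only.
        // mysql_set_charset() also informs the client library, which
        // mysql_real_escape_string() depends on to escape correctly.
        mysql_query("SET NAMES 'utf8'", $this->conn);
    }
}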
?>
<?php
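// Handle a submission of the "add news" form.
//
// NOTE(review): the hidden field "ok" only marks a submission. It is not
// an anti-CSRF token, and no authentication check is visible in this
// listing; confirm both are enforced before this handler runs.
if (isset($_POST["ok"]) && $_POST["ok"] === "ok")
{
    // Accept plain strings only; a crafted request can send arrays.
    $title = (isset($_POST["title"]) && is_string($_POST["title"])) ? $_POST["title"] : "";
    $content = (isset($_POST["content"]) && is_string($_POST["content"])) ? $_POST["content"] : "";

    // Both values come straight from the request, so they are escaped
    // before being placed inside the quoted SQL literals. The original
    // statement also lacked the closing quote after the content value.
    // Assumes a db instance has already opened the connection earlier in
    // the request (not shown here) - mysql_real_escape_string() needs it.
    // A prepared statement (mysqli/PDO) is the preferred long-term fix.
    $sql = "insert into tb_news (title,content) values('"
        . mysql_real_escape_string($title) . "','"
        . mysql_real_escape_string($content) . "')";

    // The original built the statement but never sent it to the server.
    if (mysql_query($sql) === false) {
        // Log the driver error server-side; do not echo it to the visitor.
        error_log("tb_news insert failed: " . mysql_error());
    }
    // NOTE(review): title/content are stored as submitted; escape them
    // with htmlspecialchars() wherever they are later written into HTML.
}?>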
<body>
<!-- "Add news" form: posts the fields title and content back to this same page (action=""). -->
<!-- NOTE(review): onsubmit calls check(), which is not defined in this listing. Client-side validation can be bypassed, so the server-side handler must validate title and content itself. -->
<!-- NOTE(review): the form carries no anti-CSRF token. The fixed hidden field "ok" only marks a submission and does not prove the request came from this page. -->
<form id="form1" name="form1" method="post" action="" style="margin-top:20px;" onsubmit="return check();">
<input type="hidden" name="ok" id="ok" value="ok" />
<table width="800" border="1" align="center" cellpadding="6" cellspacing="0">
<tr bgcolor="#66CCFF">
<td height="50" colspan="2" align="center">--><strong>添加信息</strong></td>
</tr>
<tr>
<td align="right">信息标题</td>
<td align="left"><input name="title" type="text" class="txt" id="title" style=" width:550px;" /> </td>
</tr>
<tr>
<td align="right">详细内容</td>
<td align="left"><textarea name="content" id="content" style=" width:700px; height:300px;">默认内容...</textarea> </td>
</tr>
<tr>
</tr>
<tr>
<td align="right"><input name="button" type="submit" class="btn" id="button" value="提交" /></td>
<td align="left"> </td>
</tr>
</table>
</form>
</body>
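/**
 * Thin connection holder built on the legacy ext/mysql API.
 *
 * Constructing the object opens the connection, selects the schema and
 * sets the connection character set; the link resource is kept in $conn.
 *
 * NOTE(review): the mysql_* functions were deprecated in PHP 5.5 and
 * removed in PHP 7.0. New code should use mysqli or PDO with prepared
 * statements; this class keeps ext/mysql only so that existing callers
 * that rely on the implicit link keep working.
 */
class db
{
    // NOTE(review): credentials are hard-coded in source. Connecting as
    // root with a trivial password means any SQL injection through this
    // link runs with full server privileges. Use a dedicated account
    // limited to the needed tables, and load the secret from
    // configuration kept outside the web root and version control.
    public $server = "localhost";
    public $username = "root";
    public $password = "123456";
    public $dbname = "qianzhen";
    public $conn;

    /**
     * Class constructor: connect, select the database, set the charset.
     *
     * @throws RuntimeException when the connection or schema selection fails
     */
    public function __construct()
    {
        $this->conn = mysql_connect($this->server, $this->username, $this->password);
        if ($this->conn === false) {
            // Stop here instead of passing a false link to later calls.
            // The driver error text is kept out of the message so it
            // cannot end up in a page shown to the visitor.
            throw new RuntimeException("Database connection failed");
        }

        if (!mysql_select_db($this->dbname, $this->conn)) {
            throw new RuntimeException("Database selection failed");
        }

        // NOTE(review): SET NAMES changes the server-side charset only.
        // mysql_set_charset() also informs the client library, which
        // mysql_real_escape_string() depends on to escape correctly.
        mysql_query("SET NAMES 'utf8'", $this->conn);
    }
}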
?>
<?php
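// Handle a submission of the "add news" form.
//
// NOTE(review): the hidden field "ok" only marks a submission. It is not
// an anti-CSRF token, and no authentication check is visible in this
// listing; confirm both are enforced before this handler runs.
if (isset($_POST["ok"]) && $_POST["ok"] === "ok")
{
    // Accept plain strings only; a crafted request can send arrays.
    $title = (isset($_POST["title"]) && is_string($_POST["title"])) ? $_POST["title"] : "";
    $content = (isset($_POST["content"]) && is_string($_POST["content"])) ? $_POST["content"] : "";

    // Both values come straight from the request, so they are escaped
    // before being placed inside the quoted SQL literals. The original
    // statement also lacked the closing quote after the content value.
    // Assumes a db instance has already opened the connection earlier in
    // the request (not shown here) - mysql_real_escape_string() needs it.
    // A prepared statement (mysqli/PDO) is the preferred long-term fix.
    $sql = "insert into tb_news (title,content) values('"
        . mysql_real_escape_string($title) . "','"
        . mysql_real_escape_string($content) . "')";

    // The original built the statement but never sent it to the server.
    if (mysql_query($sql) === false) {
        // Log the driver error server-side; do not echo it to the visitor.
        error_log("tb_news insert failed: " . mysql_error());
    }
    // NOTE(review): title/content are stored as submitted; escape them
    // with htmlspecialchars() wherever they are later written into HTML.
}?>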
<body>
<!-- "Add news" form: posts the fields title and content back to this same page (action=""). -->
<!-- NOTE(review): onsubmit calls check(), which is not defined in this listing. Client-side validation can be bypassed, so the server-side handler must validate title and content itself. -->
<!-- NOTE(review): the form carries no anti-CSRF token. The fixed hidden field "ok" only marks a submission and does not prove the request came from this page. -->
<form id="form1" name="form1" method="post" action="" style="margin-top:20px;" onsubmit="return check();">
<input type="hidden" name="ok" id="ok" value="ok" />
<table width="800" border="1" align="center" cellpadding="6" cellspacing="0">
<tr bgcolor="#66CCFF">
<td height="50" colspan="2" align="center">--><strong>添加信息</strong></td>
</tr>
<tr>
<td align="right">信息标题</td>
<td align="left"><input name="title" type="text" class="txt" id="title" style=" width:550px;" /> </td>
</tr>
<tr>
<td align="right">详细内容</td>
<td align="left"><textarea name="content" id="content" style=" width:700px; height:300px;">默认内容...</textarea> </td>
</tr>
<tr>
</tr>
<tr>
<td align="right"><input name="button" type="submit" class="btn" id="button" value="提交" /></td>
<td align="left"> </td>
</tr>
</table>
</form>
</body>
$sql="insert into tb_news (title,content) values('".$title."','".$content.")";
上面只是拼接了 SQL 字符串,却没有执行它,还需要加上:
mysql_query($sql);
$sql="insert into tb_news (title,content) values('".$title."','".$content.")";
改成
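// addslashes() is not aware of the connection character set, so it is
// not a reliable SQL escaper. Use the driver's own escaping function
// (it needs an open connection), or better, a prepared statement via
// mysqli/PDO. The closing quote after the content value is also restored.
$sql="insert into tb_news (title,content) values('".mysql_real_escape_string($title)."','".mysql_real_escape_string($content)."')";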
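// Restores the closing quote that was missing after the content value.
// The values are also escaped here: concatenating $title and $content
// as-is lets a single quote in the input change the statement
// (SQL injection). Requires an open connection; a prepared statement
// via mysqli/PDO is the preferred fix.
$sql="insert into tb_news (title,content) values('".mysql_real_escape_string($title)."','".mysql_real_escape_string($content)."')";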