did you forget to enclose the value for up_date in ''?insert into news (parentid , rootid , typeid , title ,pic , soft ,up_date , contents ,comfrom ) values (2,2,11,'vvv','default.gif','no','2004-07-13','..........','本站原创' )$sql="insert into news (parentid , rootid , typeid , title ,pic , soft ,up_date , contents ,comfrom ) values ($array_tree[2],$array_tree[1],$array_tree[0],'$article_title','$pic_keepname','$soft_keepname','$up_date','$contents','$comefrom' )"; also, try to escape $content to avoid possible sql injection attack:$content = str_replace("'","''",$content);
你们上面说的我都试过啦,我的up_date加上‘’和不加都一样
//////////////////////////////////////////////////////////////// function query( $sql="" ) {
$last_data.=$last[i]."《》"; } } // print_r($last); 我是白痴,我考递归出来后就排好顺序的啦,我考 */ //return $data; //echo $data; //} //echo $data; ///////////////////////////////////////////////////////////////// function test_child($parentid=0){ global $data_title; global $data_id; global $data_parentid; global $data_rootid; global $data_is_child; $db= new mssql();
//$sun_du=$du+1; /*执行sql查询,获取记录的标题和id*/ $sql = "select title,id,parentid,is_child,rootid from menu_tree where parentid=$parentid and state=1 "; //echo $sql; //print_r($sql); //print_r($db->fetch_row()); $rs = $db->query($sql); //print_r($rs); //print_r($rs); //$count=$db->num_rows($rs); //print_r($count); while( $child=$db->fetch_row($rs) ) {
$last_data.=$last[i]."《》"; } } // print_r($last); 我是白痴,我考递归出来后就排好顺序的啦,我考 */ //return $data; //echo $data; //} //echo $data; ///////////////////////////////////////////////////////////////// function test_child($parentid=0){ global $data_title; global $data_id; global $data_parentid; global $data_rootid; global $data_is_child; $db= new mssql();
//$sun_du=$du+1; /*执行sql查询,获取记录的标题和id*/ $sql = "select title,id,parentid,is_child,rootid from menu_tree where parentid=$parentid and state=1 "; //echo $sql; //print_r($sql); //print_r($db->fetch_row()); $rs = $db->query($sql); //print_r($rs); //print_r($rs); //$count=$db->num_rows($rs); //print_r($count); while( $child=$db->fetch_row($rs) ) {
(parentid , rootid , typeid , title ,pic , soft ,up_date , contents ,comfrom ) values
($array_tree[2],$array_tree[1],$array_tree[0],'$article_title','$pic_keepname','$soft_keepname','$up_date','$contents','$comefrom' )";
also, try to escape $content to avoid possible sql injection attack:$content = str_replace("'","''",$content);
function query( $sql="" ) {
$query=mssql_query($sql);
$this->rs=$query;
return $query;
}
我本来程序已经测试好的啦,上船contents=“sdsdfsdffssdfklsdhfklasjl"
都没有问题,我晕,很郁闷
Parse error: parse error, unexpected T_ECHO in D:\webstite\fj\admin2\edit.php on line 258
//////////////////////////////////////////////////////////////////////
<?
require_once("../inc/link.php");
checkplg(4);//if(!checkplg("1","noalert"))
//alert("请先登陆","exit,close");
$db= new mssql();
///////////////////////////////////////////
/*
function mtime(){
$temp=explode(" ",microtime());
$temp[0]=preg_replace("/^0\.(.*)$/s","\\1",$temp[0]);
$str=$temp[1].$temp[0];
return $str;
}
*/ $id=$_REQUEST['id'];
//print_r($id);
$rootid=$_REQUEST['rootid'];
$parentid=$_REQUEST['parentid']?$_REQUEST['parentid']:$_REQUEST['get_rootid'];
//echo $parentid;
$is_child=$_REQUEST['is_child'];
//$du=$_REQUEST['du'];
//echo $parentid;$title=$_REQUEST['title']; function upload($bool)
{
//if(!is_null($_FILES['up_soft'])) {
if($bool=='up_soft')
{
$type="rar|zip|doc|ppt|txt";
$dir="../up_soft";
$perl="/^.*?\.($type)\$/i";
}
if($bool=='up_pic')
{
$type="png|gif|jpg";
$dir="../up_pic";
$perl="/^.*?\.($type)\$/i";
}
if($bool==""){
echo "参数错误";
return false;
}
if(!is_uploaded_file( $_FILES[$bool]['tmp_name'] ) ){
//echo "不能上传";
return false ;
}
if( !preg_match( $perl ,$_FILES[$bool]['name'] ,$match ) ){
if($bool=="up_pic"){
alert( "图片上传时候网络不好或者你的格式错误啦!!你的其他数据将写入数据库 ");
}
if($bool=="up_soft"){
alert( "附件上传时候网络不好或者你的格式错误啦!!你的其他数据将写入数据库 ");
}
if($bool==""){
alert( "参数错误");
}
return false ;
}
先不插入contents字段,看看是否可以我认为是你插入contents字段的内容有问题
$temp_name= $bool.mtime().".".$match[1];
$tmep_name=str_replace(".php","",$tmep_name);///guolv
$keep_url= $dir."/".$temp_name ;
if(!move_uploaded_file($_FILES[$bool]['tmp_name'],$keep_url)){
//echo "dsfffffffff";
return false ;
}
else
{
//if($bool="up_soft")
//echo "附件上传成功";
//if($bool="up_pic")
//echo "图片上传成功";
return $temp_name;
}
unset($bool);
}
//print_r($title);
/////////////////////////////////////////////////////
/*
function tree_father ($parentid = 0) {
global $data_father;
$db= new mssql();
$sql = "select title,id,parentid from menu_tree where id=$parentid and state=1 "; /*执行sql查询,获取记录的标题和id*/
//echo $sql;
//print_r($sql);
//print_r($db->fetch_row());
//$rs = $db->query($sql);
//print_r($rs);
//print_r($rs);
//print_r($rs);
////$father=$db->fetch_row($rs);
//print_r($father[0]);
//$data_father.=$father[0]."|-|";
//print_r($data);
//if($father[2]!=0)
//{
//tree_father($father[2]);
//}
//print_r($data);
/*
if( !is_null($data) ){
$last=explode("|",$data);
for($i=0;$i<count($last);$i++){
$last_data.=$last[i]."《》";
}
}
// print_r($last);
我是白痴,我考递归出来后就排好顺序的啦,我考
*/
//return $data;
//echo $data;
//}
//echo $data;
/////////////////////////////////////////////////////////////////
function test_child($parentid=0){
global $data_title;
global $data_id;
global $data_parentid;
global $data_rootid;
global $data_is_child;
$db= new mssql();
//$sun_du=$du+1; /*执行sql查询,获取记录的标题和id*/
$sql = "select title,id,parentid,is_child,rootid from menu_tree where parentid=$parentid and state=1 ";
//echo $sql;
//print_r($sql);
//print_r($db->fetch_row());
$rs = $db->query($sql);
//print_r($rs);
//print_r($rs);
//$count=$db->num_rows($rs);
//print_r($count);
while( $child=$db->fetch_row($rs) )
{
//if($child[1]==""){
if($child[3]!=0)
{
test_child($child[1]); continue;
//break;
}
//static $data;
$data_title.= $child[0]."||";
$data_id.=$child[1]."||";
//echo $data_id;
$data_rootid.=$child[4]."||";
$data_parentid.=$child[2]."||";
$data_is_child.=$child[3]."||";
//echo $data_is_child;
//echo $data."||";
//$data= $child[0];
//echo $data."||";
//test_child($child[1]); }
//return($data_title);
}
/////////////////////////////////////////////////////////////
test_child($parentid);$array_title = preg_split("/\|\|/", $data_title,-1,PREG_SPLIT_NO_EMPTY);
$array_rootid = preg_split("/\|\|/", $data_rootid,-1,PREG_SPLIT_NO_EMPTY);
$array_parentid = preg_split("/\|\|/", $data_parentid,-1,PREG_SPLIT_NO_EMPTY);
$array_is_child = preg_split("/\|\|/", $data_is_child,-1,PREG_SPLIT_NO_EMPTY);
$array_id = preg_split("/\|\|/", $data_id,-1,PREG_SPLIT_NO_EMPTY);
//print_r($array_title);
//print_r($array_rootid);
$count=(count($array_title));
//}
//print_r($_FILES['up_soft']);
//////////////////////////////////////////////////////////////////////////////////////////////////////////
if( $_REQUEST['gogo_up']==1 )
{ $tree=$_REQUEST['my_tree'];
$array_tree= preg_split("/\|\|/", $tree,-1,PREG_SPLIT_NO_EMPTY);
//print_r($array_tree);
//$up_pic=$_FILES['up_pic'];
//print_r($up_pic);
//$up_soft=$_FILES['up_soft'];
$article_title=$_REQUEST['get_title'];
//print_r($article_title);
$comefrom=$_REQUEST['comefrom'];
//print_r($comefrom);
$contents=$_REQUEST['contents'];
//print_r($contents);
////////////////////////////////////////////////////////////////////////////////
if(!isset( $_FILES['up_soft'] )=="" )
{
$soft_keepname=upload('up_soft');
}
if(!isset($_FILES['up_pic']) =="")
{
$pic_keepname=upload('up_pic');
}
$soft_keepname=$soft_keepname?$soft_keepname:"no";
$pic_keepname=$pic_keepname?$pic_keepname:"default.gif";
$up_date=date('Y-m-d');
//////////////////////////////////////////////////////////////////////////
$sql="insert into news
(parentid , rootid , typeid , title ,pic , soft ,up_date , contents ,comfrom ) values
(".$array_tree[2].",".$array_tree[1].",".$array_tree[0].",'".$article_title."','".$pic_keepname."',
'".$soft_keepname."','".$up_date."','".$contents."','".$comefrom."' )";
echo $sql;
$db->query($sql);
//phpinfo();
//alert("上传成功","back");
}
这样就能上传成功,我昨天测试好了的,今天同时来上传内容就出来上面的警告,
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
我不知道怎么表达啦,如果我随便乱输入一些字符测试就是好的
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
显示端:
$temp_name= $bool.mtime().".".$match[1];
$tmep_name=str_replace(".php","",$tmep_name);///guolv
$keep_url= $dir."/".$temp_name ;
if(!move_uploaded_file($_FILES[$bool]['tmp_name'],$keep_url)){
//echo "dsfffffffff";
return false ;
}
else
{
//if($bool="up_soft")
//echo "附件上传成功";
//if($bool="up_pic")
//echo "图片上传成功";
return $temp_name;
}
unset($bool);
}
//print_r($title);
/////////////////////////////////////////////////////
/*
function tree_father ($parentid = 0) {
global $data_father;
$db= new mssql();
$sql = "select title,id,parentid from menu_tree where id=$parentid and state=1 "; /*执行sql查询,获取记录的标题和id*/
//echo $sql;
//print_r($sql);
//print_r($db->fetch_row());
//$rs = $db->query($sql);
//print_r($rs);
//print_r($rs);
//print_r($rs);
////$father=$db->fetch_row($rs);
//print_r($father[0]);
//$data_father.=$father[0]."|-|";
//print_r($data);
//if($father[2]!=0)
//{
//tree_father($father[2]);
//}
//print_r($data);
/*
if( !is_null($data) ){
$last=explode("|",$data);
for($i=0;$i<count($last);$i++){
$last_data.=$last[i]."《》";
}
}
// print_r($last);
我是白痴,我考递归出来后就排好顺序的啦,我考
*/
//return $data;
//echo $data;
//}
//echo $data;
/////////////////////////////////////////////////////////////////
function test_child($parentid=0){
global $data_title;
global $data_id;
global $data_parentid;
global $data_rootid;
global $data_is_child;
$db= new mssql();
//$sun_du=$du+1; /*执行sql查询,获取记录的标题和id*/
$sql = "select title,id,parentid,is_child,rootid from menu_tree where parentid=$parentid and state=1 ";
//echo $sql;
//print_r($sql);
//print_r($db->fetch_row());
$rs = $db->query($sql);
//print_r($rs);
//print_r($rs);
//$count=$db->num_rows($rs);
//print_r($count);
while( $child=$db->fetch_row($rs) )
{
//if($child[1]==""){
if($child[3]!=0)
{
test_child($child[1]); continue;
//break;
}
//static $data;
$data_title.= $child[0]."||";
$data_id.=$child[1]."||";
//echo $data_id;
$data_rootid.=$child[4]."||";
$data_parentid.=$child[2]."||";
$data_is_child.=$child[3]."||";
//echo $data_is_child;
//echo $data."||";
//$data= $child[0];
//echo $data."||";
//test_child($child[1]); }
//return($data_title);
}
/////////////////////////////////////////////////////////////
test_child($parentid);$array_title = preg_split("/\|\|/", $data_title,-1,PREG_SPLIT_NO_EMPTY);
$array_rootid = preg_split("/\|\|/", $data_rootid,-1,PREG_SPLIT_NO_EMPTY);
$array_parentid = preg_split("/\|\|/", $data_parentid,-1,PREG_SPLIT_NO_EMPTY);
$array_is_child = preg_split("/\|\|/", $data_is_child,-1,PREG_SPLIT_NO_EMPTY);
$array_id = preg_split("/\|\|/", $data_id,-1,PREG_SPLIT_NO_EMPTY);
//print_r($array_title);
//print_r($array_rootid);
$count=(count($array_title));
//}
//print_r($_FILES['up_soft']);
//////////////////////////////////////////////////////////////////////////////////////////////////////////
if( $_REQUEST['gogo_up']==1 )
{ $tree=$_REQUEST['my_tree'];
$array_tree= preg_split("/\|\|/", $tree,-1,PREG_SPLIT_NO_EMPTY);
//print_r($array_tree);
//$up_pic=$_FILES['up_pic'];
//print_r($up_pic);
//$up_soft=$_FILES['up_soft'];
$article_title=$_REQUEST['get_title'];
//print_r($article_title);
$comefrom=$_REQUEST['comefrom'];
//print_r($comefrom);
$contents=$_REQUEST['contents'];
//print_r($contents);
////////////////////////////////////////////////////////////////////////////////
if(!isset( $_FILES['up_soft'] )=="" )
{
$soft_keepname=upload('up_soft');
}
if(!isset($_FILES['up_pic']) =="")
{
$pic_keepname=upload('up_pic');
}
$soft_keepname=$soft_keepname?$soft_keepname:"no";
$pic_keepname=$pic_keepname?$pic_keepname:"default.gif";
$up_date=date('Y-m-d');
//////////////////////////////////////////////////////////////////////////
$sql="insert into news
(parentid , rootid , typeid , title ,pic , soft ,up_date , contents ,comfrom ) values
(".$array_tree[2].",".$array_tree[1].",".$array_tree[0].",'".$article_title."','".$pic_keepname."',
'".$soft_keepname."','".$up_date."','".$contents."','".$comefrom."' )";
echo $sql;
$db->query($sql);
//phpinfo();
//alert("上传成功","back");
}
?>
<html>
<head>
<script language="JavaScript">
<!--
function check()
{
document.all.contents.value=document.all.editor.value;
if(document.all.contents.value==""){
alert('没有写任何内容');
return false;
}
if(!document.article.my_tree.value||document.article.my_tree.value=="no")
{
alert("请选择叶子目录,嘿嘿");
return false;
}
if(document.article.get_title.value=="")
{
alert("没写标题");
return false;
}
return true;
}-->
</script>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="css/main.css" rel="stylesheet" type="text/css">
<title>发表文章</title>
</head><BODY vLink=#ffffff aLink=#ffffff link=#ffffff leftMargin=0
bgcolor="#FFCCFF" topMargin=0 >
<table width="780" border="0" align="center" cellspacing="0" class="beside">
<tr>
<td> <table width="690" height="42" border="0" align="center" cellpadding="0" cellspacing="0" >
<form action="<?=$_SERVER['PHP_SELF']?>" method="post" enctype="multipart/form-data" name="article" onSubmit="return check();">
<tr>
<td width="690"><table width="679" border="1" align="center" cellspacing="1" bordercolorlight="#c0c0c0" bordercolordark="#FFFFFF" bgcolor="#e4e8ef">
<tr>
<td width="161">本级目录所有叶子:必须填</td>
<td colspan="2"> <select id="my_tree" name="my_tree" >
<option value="no" selected>选择</option>
<?
for( $i=0;$i<$count;$i++ ){
?>
<option value="<? echo $array_id[$i]."||".$array_rootid[$i]."||".$array_parentid[$i]."||" ?>" >
<?=$array_title[$i]?>
</option>
<?
}
?>
</select>
* </td>
<td width="276"> </td>
</tr>
<tr>
<td>图片:可以没有</td>
<td colspan="3"><input type="file" name="up_pic">
<>可选<>GIF<>JPG<>PNG<></td>
</tr>
<tr>
<td>附件:可以没有</td>
<td colspan="3"><input type="file" name="up_soft"> <>可选<><>ZIP<>PPT<>DOC<>RAR<></td>
</tr>
<tr>
<td>标题:必须填</td>
<td colspan="3"><input name="get_title" type="text" id="get_title" maxlength="2000">
* </td>
</tr>
<tr>
<td>来源:</td>
<td colspan="3"><input name="comefrom" type="text" id="comefrom2" value="本站原创"></td>
</tr>
<tr>
<td height="25"> </td>
<td colspan="3"> <input type="submit" name="Submit" value="提交">
<input name="contents" type="hidden" id="contents2" value="0">
<input name="gogo_up" type="hidden" id="gogo_up" value="1">
<input name="get_rootid" type="hidden" id="get_rootid" value="<?=$parentid?>">
<input type="button" name="pics" value="我要目录图片" onClick="window.open('./up_menu_pics.php', 'pic','width=550,height=450,status=1,scrollbars=yes')">
<input name="get_pics_ids" type="hidden" id="get_pics_ids" value="38"></td>
</tr>
</table></td>
</tr>
</form>
<tr>
<td valign="top"> <object id=editor name=editor style="LEFT: 0px; TOP: 0px" data="./htmleditor/editor.html" width="100%" height=500 type=text/x-scriptlet VIEWASTEXT>
</object> </td>
</tr>
</table></td>
</tr>
</table>
</body>
</html>
$sql="insert into news
(parentid , rootid , typeid , title ,pic , soft ,up_date , contents ,comfrom ) values
(".$array_tree[2].",".$array_tree[1].",".$array_tree[0].",'".$article_title."','".$pic_keepname."',
'".$soft_keepname."','".$up_date."','".$contents."','".$comefrom."' )";
echo $sql;
$db->query($sql);
//phpinfo();
//alert("上传成功","back");
}
这句什么意思?是不是提交的正文的内容?是的话应该用<textarea>标签啊!
1:contents---表单里面乱打一些字符可以提交后生成的sql语句没有问题,程序也没有问题
2:向上面那样传大量内容生成的sql语句没有问题,拿到查询分析器里面能够处理成功
但是程序里不成功,报警告如下:
Warning: mssql_query(): message: 第 5 行: 'Times' 附近有语法错误。 (severity 15) in D:\webstite\fj\inc\mssql_class.php on line 55Warning: mssql_query(): Query failed in D:\webstite\fj\inc\mssql_class.php on line 55
3:我的其他query处理都没有问题
4:我的contents字段对应的类型的长度绝对够用, text,varchar都用一样的报上面的错误
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
5:我郁闷啦,这是不是一个bug,我疯啦
6:公司要求的跟mssql结合的
7:我一晚上没有睡觉啦,在线讨论
8:救救我
<form name="news" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" onSubmit="return check();">
<b>标题:</b>
<input type="text" name="ntitle" size="80">
<b>类型:</b>
<select name="ntype[]">
<option value="官方" selected>官方</option>
<option value="系统">系统</option>
<option value="活动">活动</option>
</select>
<br>
<b>正文:</b>
<textarea name="ncontent" style="width=80%;height=160px;"></textarea>
<br>
<b>日期:</b>
<input type="text" name="ndate" size="30" value="<?php echo date("Y-m-d H:i:s"); ?>">
<br><br>
<input type="submit" name="submit" value="提交">
<input type="reset" name="reset" value="清空">
</form>
<?php
}
else
{
$title = htmlspecialchars($_POST['ntitle']);
$content = htmlspecialchars($_POST['ncontent']);
$content = str_replace("\n", "<br>", $content);
$date = $_POST['ndate'];
$type = $_POST['ntype'][0];
$query = "insert into news(ntitle, ntype, ncontent, ndate) values('$title', '$type', '$content', '$date')";
mysql_connect('localhost', 'root', '1234567') or die('Connect error:'.mysql_error());
mysql_select_db('news') or die('Database error:'.mysql_error());
$result = mysql_query($query) or die('Query error:'.mysql_error());
echo "<div align='center'>";
if ($result)
{
unset($_POST['submit']);
echo "<p>提交成功!<br><a href='add.php'>继续</a><br><a href='list.php?page=1'>查看</a></p>";
}
else
{
echo "<p>提交失败!</p>";
echo mysql_error();
}
echo "</div>";
</object> </td>
一个对象,正文的编辑器
试一试
你的问题与那些代码无关!而且也看不清楚
需要考虑或测试的是:
1、contents的数据类型,加入的内容是否超过该类型允许的长度。
2、检查php.ini中有关mssql的设置,尤其注意串长度的设置。这与在sql server控制台中是不一样的
3、插入contents的内容中是否有需要转义的字符
4、用你的程序插入如下内容,如能通过则重点检查第2项
"test"this test'...."结束