PHP表單/發佈錯誤

Question

好吧，我的發佈腳本有一些小問題。除了當我輸入一個像撇號的短語時，一切都很好，例如「這是我的標題」不會​​發佈，請將「我的標題」添加到後。不知道這是爲什麼。也許條形碼標籤我真的不知道，我該怎麼辦？當它不起作用，我得到了底部錯誤信息

} else { 
if(isset($_POST['what'])&&isset($_POST['when'])&&isset($_POST['where'])&&isset($_POST['details'])&&isset($_POST['sponsored_by'])&&isset($_POST['collegeId'])){ 

$what = nl2br(htmlspecialchars(strip_tags(stripslashes(trim($_POST['what']))))); 

$where = nl2br(htmlspecialchars(strip_tags(stripslashes(trim($_POST['where']))))); 

$when = nl2br(htmlspecialchars(strip_tags(stripslashes(trim($_POST['when']))))); 

$sponsored_by = nl2br(htmlspecialchars(strip_tags(stripslashes(trim($_POST['sponsored_by']))))); 

$details = nl2br(htmlspecialchars(strip_tags(stripslashes(trim($_POST['details']))))); 
    $collegeId = intval($_POST["collegeId"]); 
    if(isset($_SESSION['username'])){ 

$username = htmlspecialchars(strip_tags(stripslashes(trim(($_SESSION['username']))))); 
     $query = "select id, Name from users where username='$username' and activated = 1"; 
     $doQuery = mysql_query($query); 
     if(mysql_num_rows($doQuery)>0){ 
      $results = mysql_fetch_array($doQuery); 
      $userName = $results['Name']; 
      $email = $username; 
      $id = $results['id']; 
      $query = "insert into events values(NULL,$id,$collegeId,'$what','$when','$where','$details','$sponsored_by',NOW())"; 
      if(mysql_query($query)) header("Location: collegeInfo.php?college=$collegeId&message=added"); 
      else echo "Failed to create new Event!".$query; 

Answer 1

你不要逃避你的查詢。嘗試至少用addslashes或mysql_real_escape_string消毒您的輸入。所以stripslashes - 從行中刪除反斜槓。使用addslashes來添加它們，而不是在mysql查詢之前刪除。

And dude，mysql_query is DEPRECATED在新的php版本中，請使用PDO和準備好的語句。