我有這個論壇的另一個問題。一切都很好,只是不張貼HTML。論壇不顯示來自mysql的HTML
當我發佈沒有任何html的線程時,它顯示在線程視圖上,但是如果我發佈html,bold等東西,它根本不會顯示。
繼承人的後處理文件
<?php
include "connect.php"; //connection string
if(isset($_POST['submit']))
{
$name=$_POST['name'];
$yourpost=$_POST['yourpost'];
$subject=$_POST['subject'];
if(strlen($name)<1)
{
print "You did not type in a name."; //no name entered
}
else if(strlen($yourpost)<1)
{
print "You did not type in a post."; //no post entered
}
else if(strlen($subject)<1)
{
print "You did not enter a subject."; //no subject entered
}
else
{
$thedate=date("U"); //get unix timestamp
$displaytime=date("F j, Y, g:i a");
//we now strip HTML injections
$subject=strip_tags($subject);
$name=strip_tags($name);
$yourpost=strip_tags($yourpost);
$insertpost="INSERT INTO forumtutorial_posts(author,title,post,showtime,realtime,lastposter) values('$name','$subject','$yourpost','$displaytime','$thedate','$name')";
mysql_query($insertpost) or die("Could not insert post"); //insert post
print "Message posted, go back to <A href='index.php'>Forum</a>.";
}
}
else
{
print "<form action='post.php' method='post'>";
print '<input type="hidden" name="name" value="' . $_SESSION[usr_name] . '" size="20"><br>';
print "Topic title:<br>";
print "<input type='text' name='subject' size='20'><br>";
print "Your message:<br>";
print "<textarea name='yourpost' rows='5' cols='40' id='new_thread'></textarea><br>";
print "<input type='submit' name='submit' value='submit'></form>";
}
?>
<script language="JavaScript">
generate_wysiwyg('new_thread');
</script>
這裏是線程視圖
<?php
include "connect.php"; //mysql db connection here
$id=$_GET['id'];
$gettopic="SELECT * from forumtutorial_posts where postid='$id'";
$gettopic2=mysql_query($gettopic) or die("Could not get topic");
$gettopic3=mysql_fetch_array($gettopic2);
print "<div id='left'>";
print "<div id='navi-body'>";
print "<a href='index.php'>Back to main forum</a> <a href='post.php'>New Topic</a> <A href='reply.php?id=$id'>Reply</a>";
print "</div>";
print "<div class='content'>";
print "<div class='content-header yellow'>$gettopic3[title]</div>";
print "<div class='content-mid'>";
$message=strip_tags($gettopic3['post']);
$message=nl2br($message);
print "$message";
print "<br /><br />";
print "Posted by: $gettopic3[author] Created at: $gettopic3[showtime]";
print "</div>";
print "<div class='content-footer'></div>";
print "</div>";
$getreplies="Select * from forumtutorial_posts where parentid='$id' order by postid desc"; //getting replies
$getreplies2=mysql_query($getreplies) or die("Could not get replies");
while($getreplies3=mysql_fetch_array($getreplies2))
{
print "<div class='content'>";
print "<div class='content-header yellow'>$getreplies3[author] replied at $getreplies3[showtime]</div>";
print "<div class='content-mid'>";
$message=strip_tags($getreplies3['post']);
$message=nl2br($message);
print "$message";
print "</div>";
print "<div class='content-footer'></div>";
print "</div>";
}
print " ";
?>
我想讓它顯示HTML和非HTML。
請顯示正在發佈的內容以及返回的內容的示例 - 無論是在MySQL中,還是在PHP中。 –
嗨Blowski,在MySQL的「職位」位是空白的,但其他一切正確填寫。 – NickkN
我希望這只是虛擬代碼,因爲您現在的輸入是完全不安全的。你應該仔細研究PDO。 –