2016-08-18 89 views
1

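CKEditor upload code snippets - SQL error

I can't upload code snippets from CKEditor. They are formatted fine, but when uploaded to the database, it treats the text as code and stops when it encounters a '$' variable. This is the code snippet from CKEditor's output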

This is what is used to post to the database

$date = date('Y-m-d') ."\n";
$now = time();
$utc_time = $now - intval(date('Z', $now));
$time = date('H:i:s', $now);

$name = $_POST['title'];
$subject = $_POST['subject'];

$forum_id = $_POST['forum_id'];
$post = $_POST['post'];

$user_id = $_SESSION['user']['user_id'];
$sql = "INSERT INTO threads (forum_id,user_id,name,post,time,date,subject) VALUES ('$forum_id','$user_id','$name','".$post."','$time','$date','$subject');";

And the error is:

(!) Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'echo $hello' in /storage/www/fsociety/newthread.php on line 72 
 
(!) PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'echo $hello' at line 1 in /storage/www/fsociety/newthread.php on line 72

+0

Did you check before asking? http://stackoverflow.com/questions/21866339/fatal-error-uncaught-exception-pdoexception-with-message-sqlstate42000 http://stackoverflow.com/questions/16367445/uncaught-exception-pdoexception-with-message-sqlstate42000-syntax-error-or – Lokesh

+0

Possible duplicate of [Encode HTML entities](http://stackoverflow.com/questions/15713449/encode-html-entities) –

Answers

1

Before saving, you should encode the HTML like this

$post = mysql_real_escape_string($_POST['post']);
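
Added example (not part of the question or the answer above): the syntax error in the question appears when a quote character inside the posted snippet ends the SQL string literal early, and because the question's code already goes through PDO, binding the values in a prepared statement stores the snippet unchanged. An in-memory SQLite database (needs the pdo_sqlite extension) stands in for the MySQL server, and the sample input, the `$user_id` value and the function names `insert_concatenated` and `insert_prepared` are constructed for illustration.

```php
<?php
// SQLite in memory stands in for the MySQL server so the example runs offline (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE threads (forum_id INTEGER, user_id INTEGER, name TEXT, post TEXT, time TEXT, date TEXT, subject TEXT)');

// Constructed sample of what the form might submit; the post contains quotes and "$".
$in = [
    'forum_id' => '3', 'title' => 'PHP variables', 'subject' => 'help',
    'post'     => "<pre><code>\$hello = 'hi';\necho \$hello;</code></pre>",
];
$user_id = 42; // stands in for $_SESSION['user']['user_id']

// The question's pattern: values are pasted into the SQL text, so a quote in the post breaks it.
function insert_concatenated(PDO $pdo, array $in, int $user_id): void
{
    $sql = "INSERT INTO threads (forum_id,user_id,name,post,time,date,subject) VALUES ("
         . "'{$in['forum_id']}','$user_id','{$in['title']}','{$in['post']}',"
         . "'" . date('H:i:s') . "','" . date('Y-m-d') . "','{$in['subject']}')";
    $pdo->exec($sql);
}

// Prepared statement: the SQL text is fixed and the values are sent as bound parameters.
function insert_prepared(PDO $pdo, array $in, int $user_id): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO threads (forum_id,user_id,name,post,time,date,subject)
         VALUES (:forum_id,:user_id,:name,:post,:time,:date,:subject)'
    );
    $stmt->execute([
        ':forum_id' => (int) $in['forum_id'],
        ':user_id'  => $user_id,
        ':name'     => $in['title'],
        ':post'     => $in['post'],
        ':time'     => date('H:i:s'),
        ':date'     => date('Y-m-d'),
        ':subject'  => $in['subject'],
    ]);
}

try {
    insert_concatenated($pdo, $in, $user_id);
} catch (PDOException $e) {
    echo 'Concatenated query failed: ', $e->getMessage(), "\n";
}

insert_prepared($pdo, $in, $user_id);
$stored = $pdo->query('SELECT post FROM threads')->fetchColumn();
echo $stored === $in['post'] ? "Stored unchanged\n" : "Stored value differs\n";
```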