I made a recipe website for my PHP class. The only thing I can't figure out is how to let users add their own recipes. I created a form, but when I press the "submit" button I get this error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''servings', 'image')VALUES (NULL, 'Oatmeal Pancakes II', 'I made this for my kids'' at line 1"
I would appreciate any help! Thanks!
<?php
// make a note of the current working directory relative to root.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
// make a note of the location of the upload handler
$uploadHandler = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.processor.php';
// set a max file size for the html upload form
$max_file_size = 30000; // size in bytes
?>
<?php
// include functions
require_once('includes/functions.php'); ?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Add a Recipe</title>
<link href="Images/style.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php
$name        = isset($_POST['name']) ? $_POST['name'] : '';
$description = isset($_POST['description']) ? $_POST['description'] : '';
$ingredients = isset($_POST['ingredients']) ? $_POST['ingredients'] : '';
$preparation = isset($_POST['preparation']) ? $_POST['preparation'] : '';
$category_id = isset($_POST['category_id']) ? $_POST['category_id'] : '';
$servings    = isset($_POST['servings']) ? $_POST['servings'] : '';
// note: the uploaded file arrives in $_FILES['file'], not in $_POST['image']
$image       = isset($_POST['image']) ? $_POST['image'] : '';
// connect to database
require_once('includes/mysqli_connect_recipe.php');
// if submit button clicked
if (isset($_POST['submit'])) {
    $valid = true;
    // require name, description, ingredients and preparation with at least 2 characters
    if (strlen($name) < 2) {
        $valid = false;
        echo "Please provide a valid recipe name.<br>";
    }
    if (strlen($description) < 2) {
        $valid = false;
        echo "Please provide a valid description.<br>";
    }
    if (strlen($ingredients) < 10) {
        $valid = false;
        echo "Please provide valid ingredients.<br>";
    }
    if (strlen($preparation) < 10) {
        $valid = false;
        echo "Please provide valid instructions.<br>";
    }
    // sanitize servings
    $servings = intval($servings); // force $servings to be a number (0 if a string is entered)
    // sanitize against SQL injections (do this for every field that's coming from the form)
    $name        = mysqli_real_escape_string($dbc, $name);
    $description = mysqli_real_escape_string($dbc, $description);
    $ingredients = mysqli_real_escape_string($dbc, $ingredients);
    $preparation = mysqli_real_escape_string($dbc, $preparation);
    // sanitize against XSS attacks - DO THIS TO ALL FIELDS
    $description = strip_tags($description);
    $name        = strip_tags($name);
    $ingredients = strip_tags($ingredients);
    $preparation = htmlspecialchars($preparation);
    if ($valid) {
        // insert SQL (this is the statement MySQL rejects: 'servings' and 'image' are
        // single-quoted string literals rather than backticked column names, and the
        // VALUES list has seven entries for the eight columns named)
        $insert = "INSERT INTO `sburg5`.`recipes` (`recipe_id`, `name`, `description`, `ingredients`, `preparation`, `category_id`, 'servings', 'image')VALUES (NULL, '$name', '$description', '$ingredients', '$category_id', '$servings', '$image');";
        // execute insert query
        $result = mysqli_query($dbc, $insert) or die(mysqli_error($dbc));
        echo "Thank you for submitting a recipe!";
        // output recipe: an INSERT returns no rows, so read the new row back by its id
        $recipe_id = mysqli_insert_id($dbc);
        $result = mysqli_query($dbc, "SELECT * FROM `sburg5`.`recipes` WHERE `recipe_id` = $recipe_id") or die(mysqli_error($dbc));
        while ($row = mysqli_fetch_array($result)) {
            echo "<h3>{$row['name']}</h3>
            <p><img src=\"data:image/jpeg;base64," . base64_encode($row['image']) . "\"></p>
            <p>" . $row['description'] . "</p>
            <p>" . nl2br($row['ingredients']) . "</p>
            <a href=\"addarecipe_edit.php?recipe_id={$row['recipe_id']}\">[edit]</a>
            <a href=\"addarecipe_delete.php?recipe_id={$row['recipe_id']}\">[delete]</a>
            <hr>";
        }
    }
}
?>
<form id="Upload" action="<?php echo $uploadHandler ?>" enctype="multipart/form-data" method="post">
<p>
<label for="name">Recipe Name:</label>
<input type="text" name="name" id="name">
</p>
<p>
<label for="servings">Servings:</label>
<input type="text" size="50" name="servings" id="servings">
</p>
<p>
<label for="description">Description:</label>
<textarea rows="4" cols="50" name="description" id="description"></textarea>
</p>
<p>
<label>Type of Recipe:
<input type="radio" name="category_id" value="1" id="category_0">Main Entree</label>
<label>
<input type="radio" name="category_id" value="2" id="category_1">Appetizer</label>
<label>
<input type="radio" name="category_id" value="3" id="category_2">Side Dish</label>
<label>
<input type="radio" name="category_id" value="4" id="category_3">Dessert</label>
</p>
<p>
<label for="ingredients">Ingredients:</label>
<textarea rows="10" cols="50" name="ingredients" id="ingredients" placeholder="Separate each ingredient with a return."></textarea>
</p>
<p>
<label for="preparation">Preparation:</label>
<textarea rows="10" cols="50" name="preparation" id="preparation"></textarea>
</p>
<p>
<input name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>" type="hidden">
<label for="file">File to upload:</label>
<input id="file" type="file" name="file">
</p>
<p class="submit">
<input type="submit" name="submit" value="Upload me!">
</p>
</form>
<?php
// close connection to database
mysqli_close($dbc); ?>
</body>
</html>
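As an added example (not the asker's code and not an answer from the thread), the post's INSERT rewritten as a mysqli prepared statement: column names are backticked, every column has a matching placeholder, the values never touch the SQL text, and the upload is read from $_FILES. It assumes the `$dbc` connection opened by includes/mysqli_connect_recipe.php and the `recipes` columns named in the post.

```php
<?php
// Added example, not the asker's code: the post's INSERT as a prepared statement.
// Assumes $dbc is the mysqli connection from includes/mysqli_connect_recipe.php
// and the `recipes` table with the columns named in the post.
declare(strict_types=1);

function insert_recipe(mysqli $dbc, array $r): int
{
    // Identifiers get backticks, never single quotes: 'servings' inside a column
    // list is a string literal, which is exactly the "near 'servings', 'image'"
    // syntax error. recipe_id is omitted so AUTO_INCREMENT assigns it.
    // Seven columns, seven placeholders, bound below in the same order.
    $sql = 'INSERT INTO `recipes`
                (`name`, `description`, `ingredients`, `preparation`,
                 `category_id`, `servings`, `image`)
            VALUES (?, ?, ?, ?, ?, ?, ?)';
    $stmt = $dbc->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $dbc->error);
    }
    // Values travel separately from the SQL text, so quoting and
    // mysqli_real_escape_string() are no longer needed. "s" = string, "i" = int;
    // the raw image bytes are bound as a string and stored in the BLOB column.
    $stmt->bind_param('ssssiis',
        $r['name'], $r['description'], $r['ingredients'], $r['preparation'],
        $r['category_id'], $r['servings'], $r['image']);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    return (int) $dbc->insert_id;   // use this to SELECT the new row for display
}

// Uploaded files arrive in $_FILES, not $_POST; the form field is named "file".
$image = '';
if (isset($_FILES['file']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
    $image = (string) file_get_contents($_FILES['file']['tmp_name']);
}

$recipe_id = insert_recipe($dbc, [
    'name'        => $_POST['name'] ?? '',
    'description' => $_POST['description'] ?? '',
    'ingredients' => $_POST['ingredients'] ?? '',
    'preparation' => $_POST['preparation'] ?? '',
    'category_id' => (int) ($_POST['category_id'] ?? 0),
    'servings'    => (int) ($_POST['servings'] ?? 0),
    'image'       => $image,
]);
```

Because the values are bound rather than interpolated, strip_tags()/htmlspecialchars() belong at output time (when the recipe is echoed into HTML), not before the row is stored.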