2009-06-30 22 views
0

私はこの質問を以前に聞いたことがありますが、それほどうまくいきません!基本的に私はCMSの編集ページを持っています。どこかの行に沿って(要素から順に)フィールドは表示されるべき場所の隣のボックスに表示されます。なぜどんなアイデア?セキュリティに関するPHP変数がMySQLに正しく渡されない

<?php 

if(isset($_GET['id'])) 
{ 
    $query = "SELECT * ". 
      "FROM studies ". 
      "WHERE id = '".$_GET['id']."'"; 

    $result = mysql_query($query) or die('Error : ' . mysql_error()); 
     list($id, $pagetitle, $title, $date, $copy, $outputs, $strategies, $client, $niche, $media, $thumbmedia, $newfieldtitle, $newfieldcontent) = mysql_fetch_array($result, MYSQL_NUM); 



} 

if(isset($_POST['update1'])) 
{ 
    $id = $_POST['id']; 
    $pagetitle = $_POST['pagetitle']; 
    $title = $_POST['title']; 
    $date = $_POST['date']; 
    $copy = $_POST['copy']; 
    $outputs = $_POST['outputs']; 
    $strategies = $_POST['strategies']; 
    $client = $_POST['client']; 
    $niche = $_POST['niche']; 
    $media = $_POST['media']; 
    $thumbmedia = $_POST['thumbmedia']; 
    $newfieldtitle = $_POST['newfieldtitle']; 
    $newfieldcontent = $_POST['newfieldcontent']; 

    if(!get_magic_quotes_gpc()) 
    { 
     $pagetitle = addslashes($pagetitle); 
     $title = addslashes($title); 
     $date = addslashes($date); 
     $copy = addslashes($copy); 
     $outputs = addslashes($outputs); 
     $strategies = addslashes($strategies); 
     $client = addslashes($client); 
     $niche = addslashes($niche); 
     $media = addslashes($media); 
     $thumbmedia = addslashes($thumbmedia); 
     $newfieldtitle = addslashes($newfieldtitle); 
     $newfieldcontent = addslashes($newfieldcontent); 

    } 

    // update the article in the database 
    $query = "UPDATE studies 
      SET pagetitle = '$pagetitle', title = '$title', date = '$date', copy = '$copy', outputs = '$outputs', strategies = '$strategies', client = '$client', niche = '$niche', media = '$media', thumbmedia = '$thumbmedia', newfieldtitle = '$newfieldtitle', newfieldcontent = '$newfieldcontent' ". 
     "WHERE id = '$id'"; 
    mysql_query($query) or die('Error : ' . mysql_error()); 

    // then remove the cached file 
    $cacheDir = dirname(__FILE__) . '/cache/'; 

    $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html'; 

    @unlink($cacheFile); 

    // and remove the index.html too because the file list 
    // is changed 
    @unlink($cacheDir . 'index.html'); 

    echo "<b>Article '$title' updated</b>"; 

    // now we will display $title & content 
    // so strip out any slashes 
     $pagetitle = stripslashes($pagetitle); 
     $title = stripslashes($title); 
     $date = stripslashes($date); 
     $copy = stripslashes($copy); 
     $outputs = stripslashes($outputs); 
     $strategies = stripslashes($strategies); 
     $client = stripslashes($client); 
     $niche = stripslashes($niche); 
     $media = stripslashes($media); 
     $thumbmedia = stripslashes($thumbmedia); 
     $newfieldtitle = stripslashes($newfieldtitle); 
     $newfieldcontent = stripslashes($newfieldcontent); 

} 


?> 


<div class="container"> 
<form method="post"> 
<input type="hidden" name="id" value="<?php echo $id; ?>"> 

<p class="subheadsmall">Browser Title</p> 
<textarea cols="40" rows="1" class="box" name="pagetitle" id="editbox"><?php echo $pagetitle; ?></textarea> 


<p class="subheadsmall">Story Title</p> 
<textarea cols="40" rows="1" class="box" name="title" id="editbox"><?php echo $title; ?></textarea> 

<p class="subheadsmall">Date</p> 
<textarea cols="40" rows="1" class="box" name="date" id="editbox"><?php echo $date; ?></textarea> 

<p class="subheadsmall">Story</p> 
<textarea cols="80" rows="10" class="box" name="copy" id="editbox"><?php echo $copy; ?></textarea> 

<p class="subheadsmall">Outputs</p> 
<textarea cols="80" rows="10" class="box" name="outputs" id="editbox"><?php echo $outputs; ?></textarea> 

<p class="subheadsmall">Strategies</p> 

<p class="subheadsmall">Client</p> 
<select name="client"> 
    <option value="empty">Select a Client...</option> 
<?php 
      $result2 = mysql_query("SELECT name FROM clients"); 
       if (!$result2) { 
        die("Database query failed: " . mysql_error()); 
       } 


while($row = mysql_fetch_array($result2)) { 
    $clientlist = $row['name']; 
    $clientname = htmlspecialchars($row['name']); 

    if ($_POST['client'] == $clientlist) 
    { 

    echo '<option value="' . $clientlist . '" selected="selected" >' . $clientname . '</option>' . '\n'; 
    } 
    else{ 
    echo '<option value="' . $clientlist . '" >' . $clientname . '</option>' . '\n'; 
} 
} 


?> 
</select> 

<p class="subheadsmall">Core Classification</p> 

<?php 

switch ($niche) { 
    case "brand": 
     echo '<input type="radio" name="niche" value="brand" checked="checked" />Brand'; 
     echo '<input type="radio" name="niche" value="marketing" />Marketing'; 
     echo '<input type="radio" name="niche" value="communication" />Communication'; 
     break; 
    case "marketing": 
     echo '<input type="radio" name="niche" value="brand" />Brand'; 
     echo '<input type="radio" name="niche" value="marketing" checked="checked" />Marketing'; 
     echo '<input type="radio" name="niche" value="communication" />Communication'; 
     break; 
    case "communication": 
     echo '<input type="radio" name="niche" value="brand" />Brand'; 
     echo '<input type="radio" name="niche" value="marketing" />Marketing'; 
     echo '<input type="radio" name="niche" value="communication" checked="checked" />Communication'; 
     break; 
    default; 
     echo '<input type="radio" name="niche" value="brand" />Brand'; 
     echo '<input type="radio" name="niche" value="marketing" />Marketing'; 
     echo '<input type="radio" name="niche" value="communication" />Communication'; 
    break; 
} 

?> 

<p class="subheadsmall">Add New Strategy</p> 
<textarea cols="40" rows="1" class="box" name="strategies" id="editbox"><?php echo $strategies; ?></textarea> 

<p class="subheadsmall">Media</p> 
<textarea cols="80" rows="10" class="box" name="media" id="editbox"><?php echo $media; ?></textarea> 

<p class="subheadsmall">Thumbnail image</p> 
<textarea cols="80" rows="3" class="box" name="thumbmedia" id="editbox"><?php echo $thumbmedia; ?></textarea> 

<p class="subheadsmall">Additional Field</p> 

<p class="subheadsmall">Additional Field Title</p> 
<textarea cols="40" rows="1" class="box" name="newfieldtitle" id="editbox"><?php echo $newfieldtitle; ?></textarea> 
<p class="subheadsmall">Additional Field Content</p> 
<textarea cols="40" rows="3" class="box" name="newfieldcontent" id="editbox"><?php echo $newfieldcontent; ?></textarea> 



<input name="update1" type="submit" class="box" id="editbutton" value="Update Article"> 

</form> 
+0

あなたの質問に言い換えることができますか? – Graviton

+0

何行ですか?どの要素? – karim79

+0

申し訳ありません