dqfkd82886
2012-04-07 21:25

Another In-Place Editor - a jQuery edit-in-place plugin

I'm trying to figure out how to get the changed value to submit to the database, but so far I've not had much luck at all. Any idea as to what I am doing wrong?

JS FILE:

$("#editme5").editInPlace({
    /*saving_animation_color: "#ECF2F8",
    callback: function(idOfEditor, enteredText, orinalHTMLContent, settingsParams, animationCallbacks) {
        animationCallbacks.didStartSaving();
        setTimeout(animationCallbacks.didEndSaving, 2000);
        return enteredText;
    },*/
    url: "server.php",
    params: "name=BUSINESS_NAME"
});

PHP FILE:

include('database.php');
$_GET['name'];
$_NAME=$_GET['name'];

$update = $_POST['update_value'];
$insert = "UPDATE CLIENTS SET ".$_NAME."='".$update."'";
mysql_query($insert) or die (mysql_error());

2 answers

  • douzhang7603 9 years ago

    Try changing:

    include('database.php');
    $_GET['name'];
    $_NAME=$_GET['name'];
    

    To:

    include('database.php');
    $_NAME=$_POST['name'];
    

    The documentation says:

    Once the in-place editor form is submitted, it sends a POST request to the URL that is specified in the editor’s parameters along with three form fields

    By writing $_NAME=$_GET['name']; you were expecting the value to come over a GET request, but the plugin sends the value using a POST request. That's what is the culprit here, I suppose.

    Also, keep in mind what Marc B said in his comment. The code is very vulnerable to SQL injection attacks. To make it less vulnerable, use at least mysql_real_escape_string() (more: http://php.net/manual/pl/function.mysql-real-escape-string.php) or use prepared statements (a good tutorial: http://www.ultramegatech.com/2009/07/using-mysql-prepared-statements-in-php/).

  • dtcuv8044 9 years ago

    Try using $_REQUEST, which can help you capture both $_GET and $_POST requests at the same time ...

    Try fixing SQL injection holes with mysql_real_escape_string; see http://php.net/manual/en/function.mysql-real-escape-string.php for more information.

    Thanks

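
Both answers flag the SQL injection in the question's PHP, and the first suggests prepared statements. The following is an added example, not code from the original posts: it binds `update_value` as a parameter and checks `name` against an allowlist, because a column name cannot be bound and escaping a value does nothing for an identifier. PDO with an in-memory SQLite database stands in for the page's MySQL connection; the column list, the `ID` column and the `updateClientField` function are assumptions.

```php
<?php
// Added example. Assumptions: in-memory SQLite replaces the MySQL
// connection from database.php; allowlist and ID column are hypothetical.
const EDITABLE_COLUMNS = ['BUSINESS_NAME', 'CONTACT_NAME'];

function updateClientField(PDO $db, array $post, int $clientId): int
{
    $column = $post['name'] ?? '';
    $value  = $post['update_value'] ?? null;

    // Identifiers cannot be bound as parameters, and escaping functions
    // only protect quoted string literals, so the column name must match
    // a fixed list exactly.
    if (!is_string($column) || !in_array($column, EDITABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('column not editable');
    }
    if (!is_string($value)) {
        throw new InvalidArgumentException('update_value missing');
    }

    // $column is now one of our own constants; the value travels as a
    // bound parameter and is never concatenated into the SQL text.
    $stmt = $db->prepare("UPDATE CLIENTS SET $column = :value WHERE ID = :id");
    $stmt->execute([':value' => $value, ':id' => $clientId]);
    return $stmt->rowCount();
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE CLIENTS (ID INTEGER PRIMARY KEY, BUSINESS_NAME TEXT, CONTACT_NAME TEXT)');
$db->exec("INSERT INTO CLIENTS VALUES (1, 'Acme', 'Ann'), (2, 'Globex', 'Bob')");

// A value containing a quote is stored literally in row 1 only.
updateClientField($db, ['name' => 'BUSINESS_NAME', 'update_value' => "O'Brien & Sons"], 1);

// Column names outside the allowlist are rejected before any SQL is built.
foreach (['ID', 'BUSINESS_NAME --'] as $badName) {
    try {
        updateClientField($db, ['name' => $badName, 'update_value' => 'x'], 1);
    } catch (InvalidArgumentException $e) {
        echo "rejected [$badName]: ", $e->getMessage(), "\n";
    }
}

foreach ($db->query('SELECT * FROM CLIENTS ORDER BY ID', PDO::FETCH_ASSOC) as $row) {
    echo implode(' | ', $row), "\n";
}
```

The `WHERE ID = :id` clause is also an addition: the question's `UPDATE` has no `WHERE`, so it rewrites the column in every row of `CLIENTS`.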