在textarea中输入的内容不会在mysql表中更新

| 我已经创建了一个表格来更新我网站上的横幅信息。除了键入称为\“ desc \”的\“ textarea \”输入外,所有内容似乎都在更新。代码看起来不错,这让我发疯。 提前致谢。
<html>
<body>



<form action=\"aupdate.php\" method=\"POST\" enctype=\"multipart/form-data\">

    Your or your company\'s name:<br>
    <input type=\"text\" name=\"com\" size=\"60\"><br>


    URL:<br>
    <input type=\"text\" name=\"url\" size=\"80\"><br>


    Please enter the username that you will use to update your advertisement info:<br>
    <input type=\"text\" name=\"user\" size=\"80\"><br>

    Please enter the password that you will use to update your advertisement info:<br>
    <input type=\"text\" name=\"pass\" size=\"80\"><br>

   <br>
   <br>


<br>
    File:<br>
    <input type=\"file\" name=\"image\">

          advertisement description:<br>

 <textarea name=\"desc\" id=\"desc\" cols=\"35\" rows=\"5\" ></textarea>

      <input type=\"submit\" value=\"update your ad!\">


    </form>

<?php

//connect to database
require(\"connect.php\");

//get user made username
$user = $_POST[\'user\'];

//get user made password
$pass = $_POST[\'pass\'];

//encrypt user made password
$encpass = hash(\'sha256\', $pass);

//file properties
$file = $_FILES[\'image\'][\'tmp_name\'];

//initialize company name and description
$com = $_POST[\'com\'];
$desc = $_POST[\'desc\'];
$url = $_POST[\'url\'];




//check to see if coupon code and other essential info entered
if (!$user || !$pass )
{
    echo \"Please enter updated info with username and password.\";
}
else
{

//retrieve data from password table
$query = mysql_query (\"SELECT * FROM apartment WHERE pass = \'$encpass\' \");

//get number of rows in table
$numrows = mysql_num_rows ($query);

//check if code is right or exists
if ($numrows !=0)
{

    // code to login
    while ($row = mysql_fetch_assoc ($query))
    {
        //retrieve code from database to match with the code that was put into field
        $dbuser = $row[\'user\'];
        $dbpass = $row[\'pass\'];
    }

    //check to see if they match
    if ($user == $dbuser && $encpass == $dbpass )
    {


    //check to see if a file has even been submitted
    if (!$file)
    {

        echo \"please upload image\";
    }
    else
    {
        //get image file attributes
    $image = addslashes(file_get_contents ($_FILES[\'image\'][\'tmp_name\']));
    $image_name = addslashes($_FILES[\'image\'][\'name\']);
    $image_size = addslashes(getimagesize($_FILES[\'image\'][\'tmp_name\']));

    //check if image file size is right
    if ($image_size==FALSE)
        echo \"that\'s not an image.\";
    else
    {


mysql_query (\"UPDATE apartment SET desc = \'$desc\' WHERE user =\'$user\'\"); 
mysql_query (\"UPDATE apartment SET name = \'$image_name\' WHERE user =\'$user\'\"); 
mysql_query (\"UPDATE apartment SET com = \'$com\' WHERE user =\'$user\'\"); 
mysql_query (\"UPDATE apartment SET url = \'$url\' WHERE user =\'$user\'\"); 
mysql_query (\"UPDATE apartment SET image = \'$image\' WHERE user =\'$user\'\"); 


            echo \"advertisement successfully updated!\";



    }
  }


}
else


    echo \"Incorrect username or password.\";
}
else 



    echo \"Incorrect username or password.\";

}

?>
</body>
</html>
已邀请:
desc是mysql保留字,用反引号引起来 并使用mysql_real_escape_string逃避用户输入
    $desc=mysql_real_escape_string($desc);
    mysql_query (\"UPDATE apartment SET `desc` = \'$desc\' WHERE user =\'$user\'\"); 
您也可以使用逗号分隔更新查询中的字段来改进更新查询以一次更新
mysql_query (\"UPDATE apartment SET `desc` = \'$desc\',url=\'$url\' WHERE user =\'$user\'\"); 

要回复问题请先登录注册