add db quote function

wlx 2011-12-22 14:30:28 +00:00
parent 7cd95d2c9b
commit 39fcfbcf8a
1 changed files with 11 additions and 15 deletions


@ -169,10 +169,10 @@ class Admin_NewsController extends Zend_Controller_Action
$msg=array(); $msg=array();
if(empty($title)) $msg[]="标题不能为空"; if(empty($title)) $msg[]="标题不能为空";
if(strlen($title)>40) $msg[]="标题长度不能超过40个字符"; if(strlen($title)>200) $msg[]="标题长度不能超过200个字符";
if(strlen($writer)>50) $msg[]="作者长度不能超过50个字符"; if(strlen($writer)>50) $msg[]="作者长度不能超过50个字符";
if(strlen($keyword)>200) $msg[] = "关键词长度不能超过200个字符现在输入了".strlen($keyword)."个字符"; if(strlen($keyword)>200) $msg[] = "关键词长度不能超过200个字符现在输入了".strlen($keyword)."个字符";
if(strlen($description)>200) $msg[] = "内容描述不能超过200个字符现在输入了".strlen($description)."个字符"; if(strlen($description)>500) $msg[] = "内容描述不能超过200个字符现在输入了".strlen($description)."个字符";
if(empty($body)) $msg[]="请填写内容"; if(empty($body)) $msg[]="请填写内容";
if($typeid==0) $msg[]="请选择栏目"; if($typeid==0) $msg[]="请选择栏目";
@ -201,27 +201,23 @@ class Admin_NewsController extends Zend_Controller_Action
} }
$date=array( $date=array(
'title' => $title, 'title' => $this->db->quote($title),
'writer' => $writer, 'writer' => $this->db->quote($writer),
'keyword' => $keyword, 'keyword' => $this->db->quote($keyword),
'description'=> $description, 'description'=> $this->db->quote($description),
'image' => $image, 'image' => $image,
'writetime' => time(), 'writetime' => time(),
'pubtime' => $pubtime, 'pubtime' => $pubtime,
'source' => $source, 'source' => $source,
'typeid' => $typeid, 'typeid' => $typeid,
'pub' => $pub, 'pub' => $pub,
'body' => $body 'body' => $this->db->quote($body)
); );
$sql = "INSERT INTO news_archives (title,writer,keyword,description,image,writetime,pubtime,source,typeid,pub) $sql = "INSERT INTO news_archives (title,writer,keyword,description,image,writetime,pubtime,source,typeid,pub)
VALUES ('{$date['title']}', VALUES (".$date['title'].",".$date['writer'].",".$date['keyword'].",".$date['description'].",'".$date['image']."',
'{$date['writer']}',
'{$date['keyword']}',
'{$date['description']}',
'{$date['image']}',
'{$date['writetime']}', '{$date['writetime']}',
'{$date['pubtime']}', '{$date['pubtime']}',
'{$date['source']}', '{$date['source']}',
@ -235,7 +231,7 @@ class Admin_NewsController extends Zend_Controller_Action
if($sth->execute()) if($sth->execute())
{ {
$temp = $sth->fetch(PDO::FETCH_ASSOC); $temp = $sth->fetch(PDO::FETCH_ASSOC);
$sql = "INSERT INTO news_archivesaddon (id,body) values ('{$temp['id']}','{$date['body']}')"; $sql = "INSERT INTO news_archivesaddon (id,body) values ('{$temp['id']}',{$date['body']})";
if($this->db->exec($sql)>0) if($this->db->exec($sql)>0)
{ {
echo '<div class="box box-success">发布成功!</div><script> echo '<div class="box box-success">发布成功!</div><script>
@ -315,10 +311,10 @@ class Admin_NewsController extends Zend_Controller_Action
$msg=array(); $msg=array();
if(empty($title)) $msg[]="标题不能为空"; if(empty($title)) $msg[]="标题不能为空";
if(strlen($title)>40) $msg[]="标题长度不能超过40个字符"; if(strlen($title)>200) $msg[]="标题长度不能超过200个字符";
if(strlen($writer)>50) $msg[]="作者长度不能超过50个字符"; if(strlen($writer)>50) $msg[]="作者长度不能超过50个字符";
if(strlen($keyword)>200) $msg[] = "关键词长度不能超过200个字符现在输入了".strlen($keyword)."个字符"; if(strlen($keyword)>200) $msg[] = "关键词长度不能超过200个字符现在输入了".strlen($keyword)."个字符";
if(strlen($description)>200) $msg[] = "内容描述不能超过200个字符现在输入了".strlen($description)."个字符"; if(strlen($description)>500) $msg[] = "内容描述不能超过500个字符现在输入了".strlen($description)."个字符";
if(empty($body)) $msg[]="请填写内容"; if(empty($body)) $msg[]="请填写内容";
if($typeid==0) $msg[]="请选择栏目"; if($typeid==0) $msg[]="请选择栏目";
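Review bot: In the `news_archives` INSERT, `image`, `pubtime` and `source` are still spliced into the SQL between hand-written single quotes (`'".$date['image']."'`, `'{$date['pubtime']}'`, `'{$date['source']}'`), so only five of the fields built in `$date` go through `$this->db->quote()`. Where these variables are assigned is outside the visible hunks, but if any of them comes from the request the statement remains injectable. The rest of the VALUES list (`typeid`, `pub`) is cut off by the hunk and should be checked the same way, with the numeric fields cast using `(int)`. Since the code already calls `$sth->execute()`, binding every value through a prepared statement with placeholders would be more robust than quoting field by field, and it would keep `$date` holding raw values rather than SQL literals. Separately, in the first validation hunk the description limit was raised to 500 but the message still reads `内容描述不能超过200个字符`; the later validation hunk has the corrected text.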