Problem description:

I'm trying to echo out a table with information, specifically posts.

<?php
echo "
<div class='forum_banner'>
    <div style='float:left;'>
        <a href='?action=forum'>Forum</a>
        >
        <a href='?action=forum#".fetch_info(fetch_info(fetch_info($_GET['id'], 'board_id', 'topic'), 'category_id', 'board'), 'name', 'category')."'>".fetch_info(fetch_info(fetch_info($_GET['id'], 'board_id', 'topic'), 'category_id', 'board'), 'name', 'category')."</a>
        >
        <a href='?action=board&id=".fetch_info($_GET['id'], 'board_id', 'topic')."'>".fetch_info(fetch_info($_GET['id'], 'board_id', 'topic'), 'name', 'board')."</a>
        >
        <a href='?action=topic&id=".$_GET['id']."'>".fetch_info($_GET['id'], 'name', 'topic')."</a>
    </div>";

if (isset($_SESSION['id']))
{
    echo "
    <div style='float:right;'>
        <form method='post' action='?action=create&type=reply&id=".$_GET['id']."'>
            <input type='submit' value='Reply'/>
        </form>
    </div>";
}

echo "
</div>";

echo "
<div class='content'>
<table class='forum_table'>";

$query = mysql_query("SELECT * FROM post WHERE topic_id='".$_GET['id']."' ORDER BY time ASC") or die(mysql_error());

echo "
    <tr>
        <td class='table_header' colspan='2'>
            <b>".fetch_info($_GET['id'], 'name', 'topic')."</b>
        </td>
    </tr>";

while($query_fetch = mysql_fetch_assoc($query))
{
    echo "
    <tr>
        <td class='forum_table_cell_post' width='25%'>
            <ul class='post_info'>
                <li><b><a href='?action=user&id=".$query_fetch['creator']."'>".fetch_info($query_fetch['creator'], 'name', 'user')."</a></b></li>
                <li>".fetch_info($query_fetch['creator'], 'rank', 'user')."</li>
                <li style='max-width:128px; max-height:128px; overflow:hidden;'><img src='".fetch_info($query_fetch['creator'], 'avatar', 'user')."' /></li>
                <li>Posts: ".count_post($query_fetch['creator'])."</li>
                <li>Reputation: ".(fetch_info($query_fetch['creator'], 'reputation', 'user')>0 ? ('<font color="#007D00">+'.fetch_info($query_fetch['creator'], 'reputation', 'user').'</font>') : (fetch_info($query_fetch['creator'], 'reputation', 'user')<0 ? ('<font color="#7D0000">'.fetch_info($query_fetch['creator'], 'reputation', 'user').'</font>') : ('<font color="#000000">'.fetch_info($query_fetch['creator'], 'reputation', 'user').'</font>')))."</li>
            </ul>
        </td>
        <td class='forum_table_cell_post' width='75%'>
            <ul class='post_info'>
                <li><i>".convert_date($query_fetch['time']) + ($query_fetch['edit']=='0000-00-00 00:00:00' ? '' : (', last edit: '.convert_date($query_fetch['edit'])))."</i></li>
                <div class='spacer'></div>
                <li>".$query_fetch['body']."</li>
                ".(fetch_info($query_fetch['creator'], 'signature', 'user') ? '<div class=\'spacer\'></div>' : '')."
                <li>".fetch_info($query_fetch['creator'], 'signature', 'user')."</li>
            </ul>
        </td>
    </tr>
    ";
}

echo "
</table>
</div>";
?>

This is what I end up with (HTML output):

<div class='forum_banner'>
<div style='float:left;'>
<a href='?action=forum'>Forum</a>
>
<a href='?action=forum#General'>General</a>
>
<a href='?action=board&id=1'>General discussion</a>
>
<a href='?action=topic&id=1'>First topic</a>
</div>
<div style='float:right;'>
<form method='post' action='?action=create&type=reply&id=1'>
<input type='submit' value='Reply'/>
</form>
</div>
</div>
<div class='content'>
<table class='forum_table'>
<tr>
<td class='table_header' colspan='2'>
<b>First topic</b>
</td>
</tr>0</i></li>
<div class='spacer'></div>
<li>Nice first post!</li>
<div class='spacer'></div>
<li>"Non incautus futuri"</li>
</ul>
</td>
</tr>
0</i></li>
<div class='spacer'></div>
<li>This is the first topic ever made! This is the first topic ever made! This is the first topic ever made!</li>
<div class='spacer'></div>
<li>"Non incautus futuri"</li>
</ul>
</td>
</tr>
</table>
</div>

The PHP file is include'd in index.php like this: "include 'topic.php'", and it's meant to echo out a table of data from my database. Why is this happening?

Also, here is my stylesheet:

body {margin:0; padding:0; width:100%; background-color:#F0F2F3; font-family: 'Calibri', sans-serif; font-size:16px; background-image:url(img/pattern.png); background-repeat:repeat;}
p {margin:0; padding:0 0 5px 0;}
a:link,a:visited {color:#003399; text-decoration:none;}
a:hover,a:active,a:focus {color:#FF9933;}
input[type='textbox'],input[type='password'] {margin:0; padding:2px; height:16px; border:1px solid #CCCCCC; background-color:#FFFFFF; color:#000000;}
input[type='submit'] {cursor:pointer; margin:0; height: 22px; padding:2px 6px; border:1px solid #CCCCCC; background-color:#FFFFFF; color:#000000;
    -webkit-transition: background 0.4s linear, color 0.4s linear;
    -moz-transition: background 0.4s linear, color 0.4s linear;}
input[type='submit']:hover,input[type='submit']:focus {background-color:#99CCCC; color:#FFFFFF;
    -webkit-transition: background 0.4s linear, color 0.4s linear;
    -moz-transition: background 0.4s linear, color 0.4s linear;}
img {margin:0; padding:0; border:none;}
.page_wrapper {margin:0 auto; padding:0; width:900px;}
#header_area {margin:0; padding:0; width:100%;}
#header_box {margin:0; padding:0; width:900px;}
#header {float:left; margin:30px auto; padding:0;}
#user_panel {float:right; margin:26px auto; height:40px;}
#menu {margin:0; padding:0; list-style-type:none; width:100%; border:1px solid #CCCCCC; border-bottom:none; background-color:#FFFFFF; overflow:hidden;}
#menu li {margin:0; padding:0;}
#menu a:link,#menu a:visited {float:left; margin:0; border-right:1px solid #CCCCCC; padding:10px 25px; color:#000000; background-color:#FFFFFF; text-decoration:none; font-weight:bold;
    -webkit-transition: background 0.4s linear, color 0.4s linear;
    -moz-transition: background 0.4s linear, color 0.4s linear;}
#menu a:hover,#menu a:active,#menu a:focus {background-color:#99CCCC; color:#FFFFFF;
    -webkit-transition: background 0.4s linear, color 0.4s linear;
    -moz-transition: background 0.4s linear, color 0.4s linear;}
#content_area {margin:0; padding:0; width:100%;}
#content_box {margin:0; padding:0; width:900px; border:1px solid #CCCCCC; background-color:#FFFFFF; overflow:hidden;}
#home_sidebar {margin:0; padding:0; width:30%; float:left;}
#home_content {margin:0; padding:0; width:70%; float:right;}
.content {height:2000px; margin:10px; padding:0; overflow:hidden;}
.small_box {margin:0 150px; padding:0; border:1px solid #CCCCCC;}
.forum_table {margin:0; padding:0; border:none; width:100%;}
.forum_table_cell {margin:0; padding:0px 10px; background-color:#F0F2F3; height:60px;}
.forum_table_cell_post {margin:0; padding:10px; background-color:#F0F2F3; vertical-align:text-top;}
.table_header {padding:0 10px; margin:0; height:30px; font-size:18px; background-color:#FF9933;}
.spacer {margin:5px 0; padding:0; border-top:1px solid #CCCCCC;}
.forum_banner {margin: 10px 10px 0 10px; overflow:hidden; height:22px;}
.post_info {list-style-type:none; padding:0; margin:0;}
.post_info li {margin:2px 0 0 0; padding:0; vertical-align:text-top;}

Answer:

The HTML looks like a mess.

The first things you should do are to make sure you generate valid HTML:

  • don't put <div> elements in as direct children of <ul>;
  • use htmlspecialchars on all variables you output to HTML to make sure the values don't break the HTML;
  • use &gt; instead of >, etc.

Also, your query has an SQL injection hole. You should switch to PDO (or mysqli) with prepared statements and bound variables to avoid that, or at the very least cast your $_GET variable to int if it is an integer / use mysql_real_escape_string if it is a string.
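As an added illustration of the three points above (valid list markup, escaping every value, and a bound parameter instead of string-built SQL), here is a rewrite of the topic page. It is example code written for this page, not the poster's code or a fix they supplied. It assumes a PDO connection in $pdo and that the poster's own helpers fetch_info(), count_post() and convert_date() exist as used in the question (their bodies are not on the page); the e() helper, the integer validation of the id and the move of the spacer rule onto the <li> are this example's own choices. It also escapes the post body, so if posts are meant to carry HTML a sanitizer would be needed instead of plain escaping.

```php
<?php
// Added example (not the original poster's code). Assumes a PDO connection in
// $pdo and the poster's helpers fetch_info(), count_post() and convert_date().

// Escape every value that lands in HTML. ENT_QUOTES also escapes ', which matters
// here because the markup uses single-quoted attributes.
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A topic id is an integer: reject anything else before it reaches a query or the page.
$topic_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($topic_id === false || $topic_id === null) {
    http_response_code(400);
    exit('Invalid topic id');
}

$board_id      = (int) fetch_info($topic_id, 'board_id', 'topic');
$category_id   = (int) fetch_info($board_id, 'category_id', 'board');
$category_name = fetch_info($category_id, 'name', 'category');
$board_name    = fetch_info($board_id, 'name', 'board');
$topic_name    = fetch_info($topic_id, 'name', 'topic');

// Breadcrumb: the separator is written as &gt; so it is text, not a stray tag,
// and & inside href values is written as &amp;.
echo "<div class='forum_banner'>\n<div style='float:left;'>\n";
echo "<a href='?action=forum'>Forum</a> &gt; ";
echo "<a href='?action=forum#" . e($category_name) . "'>" . e($category_name) . "</a> &gt; ";
echo "<a href='?action=board&amp;id=" . $board_id . "'>" . e($board_name) . "</a> &gt; ";
echo "<a href='?action=topic&amp;id=" . $topic_id . "'>" . e($topic_name) . "</a>\n</div>\n";

if (isset($_SESSION['id'])) {
    echo "<div style='float:right;'>\n"
       . "<form method='post' action='?action=create&amp;type=reply&amp;id=" . $topic_id . "'>\n"
       . "<input type='submit' value='Reply'/>\n</form>\n</div>\n";
}
echo "</div>\n";

// Prepared statement: the id travels as a bound parameter, never inside the SQL text.
$stmt = $pdo->prepare('SELECT creator, time, edit, body FROM post WHERE topic_id = :topic ORDER BY time ASC');
$stmt->bindValue(':topic', $topic_id, PDO::PARAM_INT);
$stmt->execute();

echo "<div class='content'>\n<table class='forum_table'>\n";
echo "<tr><td class='table_header' colspan='2'><b>" . e($topic_name) . "</b></td></tr>\n";

while ($post = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $creator    = (int) $post['creator'];
    $reputation = (int) fetch_info($creator, 'reputation', 'user');

    // Pick the colour with a plain if/else instead of nested ternaries.
    if ($reputation > 0) {
        $rep_html = "<span style='color:#007D00'>+" . $reputation . "</span>";
    } elseif ($reputation < 0) {
        $rep_html = "<span style='color:#7D0000'>" . $reputation . "</span>";
    } else {
        $rep_html = "<span style='color:#000000'>0</span>";
    }

    // String concatenation in PHP is '.', not '+'. Using '+' converts both operands
    // to numbers, which is where the stray 0 in the posted output comes from.
    $dates = e(convert_date($post['time']));
    if ($post['edit'] !== '0000-00-00 00:00:00') {
        $dates .= ', last edit: ' . e(convert_date($post['edit']));
    }

    $signature = fetch_info($creator, 'signature', 'user');

    echo "<tr>\n<td class='forum_table_cell_post' width='25%'>\n<ul class='post_info'>\n";
    echo "<li><b><a href='?action=user&amp;id=" . $creator . "'>" . e(fetch_info($creator, 'name', 'user')) . "</a></b></li>\n";
    echo "<li>" . e(fetch_info($creator, 'rank', 'user')) . "</li>\n";
    echo "<li style='max-width:128px; max-height:128px; overflow:hidden;'><img src='" . e(fetch_info($creator, 'avatar', 'user')) . "' /></li>\n";
    echo "<li>Posts: " . (int) count_post($creator) . "</li>\n";
    echo "<li>Reputation: " . $rep_html . "</li>\n";
    echo "</ul>\n</td>\n";

    // Only <li> may be a direct child of <ul>; the .spacer border-top rule works on the <li> itself.
    echo "<td class='forum_table_cell_post' width='75%'>\n<ul class='post_info'>\n";
    echo "<li><i>" . $dates . "</i></li>\n";
    echo "<li class='spacer'>" . e($post['body']) . "</li>\n";
    if ($signature !== null && $signature !== '') {
        echo "<li class='spacer'>" . e($signature) . "</li>\n";
    }
    echo "</ul>\n</td>\n</tr>\n";
}
echo "</table>\n</div>\n";
```

Validating the id once at the top means every later use of it (links, form action, query) is a known integer, so the URL-building lines need no escaping of their own; everything that comes back from the database or the helpers still passes through e() because those values are under the users' control.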
