继续PHP出错

wxlg1117

1. <?php
   
2. 
   
3. 
   
4. require "include/bittorrent.php";
   
5. 
   
6. dbconn();
   
7. loggedinorreturn();
   
8. 
   
9. if (get_user_class() < UC_ADMINISTRATOR)
   
10.         newerr($tracker_lang['error'], $tracker_lang['access_denied']);
    
11. 
    
12. $action = $_GET["action"];
    
13. 
    
14. //   Delete News Item    //////////////////////////////////////////////////////
    
15. 
    
16. if ($action == 'delete')
    
17. {
    
18.         $newsid = (int)$_GET["newsid"];
    
19.   if (!is_valid_id($newsid))
    
20.           newerr($tracker_lang['error'],"Invalid news item ID - Code 1.");
    
21. 
    
22.   $returnto = htmlentities($_GET["returnto"]);
    
23. 
    
24.   $sure = $_GET["sure"];
    
25.   if (!$sure)
    
26.     newerr("Delete News","Are you sure you want to delete this news? Click \n" .
    
27.             "<a href=?action=delete&newsid=$newsid&returnto=$returnto&sure=1>here</a> If you are sure.");
    
28. 
    
29.   sql_query("DELETE FROM news WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);
    
30. 
    
31.         if ($returnto != "")
    
32.                 header("Location: $returnto");
    
33.         else
    
34.                 $warning = "News <b>successfully</b> deleted";
    
35. }
    
36. 
    
37. //   Add News Item    /////////////////////////////////////////////////////////
    
38. 
    
39. if ($action == 'add')
    
40. {
    
41. 
    
42.         $subject = $_POST["subject"];
    
43.         if (!$subject)
    
44.                 newerr($tracker_lang['error'],"Topic news may not be empty!");
    
45. 
    
46.         $body = $_POST["body"];
    
47.         if (!$body)
    
48.                 newerr($tracker_lang['error'],"Body news may not be empty!");
    
49. 
    
50.         $added = $_POST["added"];
    
51.         if (!$added)
    
52.                 $added = TIMENOW;
    
53. 
    
54.   sql_query("INSERT INTO news (userid, added, body, subject) VALUES (".
    
55.           $CURUSER['id'] . ", $added, " . sqlesc($body) . ", " . sqlesc($subject) . ")") or sqlerr(__FILE__, __LINE__);
    
56.         if (mysql_affected_rows() == 1)
    
57.                 $warning = "News <b>successfully added </b>";
    
58.         else
    
59.                 newerr($tracker_lang['error'],"What just happened?.");
    
60. }
    
61. 
    
62. //   Edit News Item    ////////////////////////////////////////////////////////
    
63. 
    
64. if ($action == 'edit')
    
65. {
    
66. 
    
67.         $newsid = (int)$_GET["newsid"];
    
68. 
    
69.   if (!is_valid_id($newsid))
    
70.           newerr($tracker_lang['error'],"Invalid news item ID - Code 2.");
    
71. 
    
72.   $res = sql_query("SELECT * FROM news WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);
    
73. 
    
74.         if (mysql_num_rows($res) != 1)
    
75.           newerr($tracker_lang['error'], "No news item with ID.");
    
76. 
    
77.         $arr = mysql_fetch_array($res);
    
78. 
    
79.   if ($_SERVER['REQUEST_METHOD'] == 'POST')
    
80.   {
    
81.           $body = $_POST['body'];
    
82.           $subject = $_POST['subject'];
    
83. 
    
84. 
    
85.         $subject = $_POST["subject"];
    
86.         if ($subject == "")
    
87.                 newerr($tracker_lang['error'],"Topic news may not be empty");
    
88. 
    
89.     if ($body == "")
    
90.             newerr($tracker_lang['error'], "Body news may not be empty!");
    
91. 
    
92.     $body = sqlesc($body);
    
93. 
    
94.     $subject = sqlesc($subject);
    
95. 
    
96.     $editedat = sqlesc(TIMENOW);
    
97. 
    
98.     sql_query("UPDATE news SET body=$body, subject=$subject WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);
    
99. 
    
100.     $returnto = htmlentities($_POST['returnto']);
     
101. 
     
102.                 if ($returnto != "")
     
103.                         header("Location: $returnto");
     
104.                 else
     
105.                         $warning = "News <b>successfully</b> edited";
     
106.   }
     
107.   else
     
108.   {
     
109.                  $returnto = htmlentities($_GET['returnto']);
     
110.           stdhead("Editing News");
     
111.           print("<form method=post name=news action=?action=edit&newsid=$newsid>\n");
     
112.           print("<table border=1 cellspacing=0 cellpadding=5>\n");
     
113.           print("<tr><td class=colhead>Editing news<input type=hidden name=returnto value=$returnto></td></tr>\n");
     
114.           print("<tr><td>Subject: <input type=text name=subject maxlength=70 size=50 value=\"" . htmlspecialchars($arr["subject"]) . "\"/></td></tr>");
     
115.           print("<tr><td style='padding: 0px'>");
     
116.           textbbcode("news","body",htmlspecialchars($arr["body"]));
     
117.           //<textarea name=body cols=145 rows=5 style='border: 0px'>" . htmlspecialchars($arr["body"]) .
     
118.           print("</textarea></td></tr>\n");
     
119.           print("<tr><td align=center><input type=submit value='Edit News'></td></tr>\n");
     
120.           print("</table>\n");
     
121.           print("</form>\n");
     
122.           stdfoot();
     
123.           die;
     
124.   }
     
125. }
     
126. 
     
127. //   Other Actions and followup    ////////////////////////////////////////////
     
128. 
     
129. stdhead("News");
     
130. if ($warning)
     
131.         print("<p><font size=-3>($warning)</font></p>");
     
132. print("<form method=post name=news action=?action=add>\n");
     
133. print("<table border=1 cellspacing=0 cellpadding=5>\n");
     
134. print("<tr><td class=colhead>Submit News</td></tr>\n");
     
135. print("<tr><td>Subject: <input type=text name=subject maxlength=40 size=50 value=\"" . htmlspecialchars($arr["subject"]) . "\"/></td></tr>");
     
136. print("<tr><td style='padding: 0px'>");
     
137. textbbcode("news","body","");
     
138. //<textarea name=body cols=145 rows=5 style='border: 0px'>
     
139. print("</textarea></td></tr>\n");
     
140. print("<tr><td align=center><input type=submit value='Add News' class=btn></td></tr>\n");
     
141. print("</table></form><br /><br />\n");
     
142. 
     
143. $res = sql_query("SELECT * FROM news ORDER BY added DESC") or sqlerr(__FILE__, __LINE__);
     
144. 
     
145. if (mysql_num_rows($res) > 0)
     
146. {
     
147. 
     
148. 
     
149.         begin_main_frame();
     
150.         begin_frame();
     
151. 
     
152.         while ($arr = mysql_fetch_array($res))
     
153.         {
     
154.                 $newsid = $arr["id"];
     
155.                 $body = $arr["body"];
     
156.                 $subject = $arr["subject"];
     
157.           $userid = $arr["userid"];
     
158.           $added = get_date_time($arr["added"]) . " GMT (" . (get_elapsed_time($arr["added"])) . " Ago)";
     
159. 
     
160.     $res2 = sql_query("SELECT username, donor FROM users WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
     
161.     $arr2 = mysql_fetch_array($res2);
     
162. 
     
163.     $postername = $arr2["username"];
     
164. 
     
165.     if ($postername == "")
     
166.             $by = "Unknown [$userid]";
     
167.     else
     
168.             $by = "<a href=userdetails.php?id=$userid><b>$postername</b></a>" .
     
169.                     ($arr2["donor"] == "yes" ? "<img src=pic/star.gif alt='Donor'>" : "");
     
170. 
     
171.           print("<p class=sub><table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>");
     
172.     print("Posted ".$added."&nbsp;-&nbsp;$by");
     
173.     print(" - [<a href=?action=edit&newsid=$newsid><b>Edit</b></a>]");
     
174.     print(" - [<a href=?action=delete&newsid=$newsid><b>Delete</b></a>]");
     
175.     print("</td></tr></table></p>\n");
     
176. 
     
177.           begin_table(true);
     
178.       print("<tr valign=top><td><b>".$subject."</b></td></tr>\n");
     
179.           print("<tr valign=top><td class=comment>".format_comment($body)."</td></tr>\n");
     
180.           end_table();
     
181.         }
     
182.         end_frame();
     
183.         end_main_frame();
     
184. }
     
185. else
     
186.   newerr("Sorry", "No News!",false,true);
     
187. die;
     
188. ?>

复制代码

其中的这一段：

1.   $sure = $_GET["sure"];
   
2.   if (!$sure)
   
3.     newerr("Delete News","Are you sure you want to delete this news? Click \n .
   
4.             "<a href=?action=delete&newsid=$newsid&returnto=$returnto&sure=1>here</a> If you are sure.");
   

复制代码

放服务器页面成这样了：


符号问题？

a.a

newerr() 对于html是怎么处理的？