php - Mysqli prepared statement unwanted results -
Can anyone tell me why it works every time?
Include ('../globals/mysqli_connect.php'); $ Insert_channel = new mysqli ($ DB_HOST, $ DB_USER, $ DB_PASS, $ DB_NAME); If (mysqli_connect_errno ()) {printf ("Connect failed:% s \ n", mysqli_connect_error ()); Go out(); } $ Insert_channel_query = "UPDATE tv_channels SET channel_name = '$ _ POST [channel_name]', variant_1_source = '$ _ POST [variant_1_source]', variant_2_source = '$ _ POST [variant_2_source]', variant_3_source = '$ _ POST [variant_3_source] ', Variant_4_source =' $ _POST [variant_4_source] 'WHERE id =? "; If ($ stmt_insert_channel = $ insert_channel- & gt; create ($ insert_channel_query)) {$ stmt_insert_channel- & gt; Dam_prim ("s", $ _ GET ['editchannelID']); $ Stmt_insert_channel- & gt; Executed (); $ Stmt_insert_channel- & gt; near (); } $ Insert_channel- & gt; Close (); Header ("refresh: 1; url = tv_online.php"); This thing works, but when $ _POST ['variant_1_source'] or $ _POST ['variant_2_source'] or $ _POST ['variant_3_source'] or $ _POST ['variant_4_source '] I add it: & lt; Script src = "http://portaltv.ro/jw6/jwplayer.js" type = "text / javascript" & gt; & Lt; / Script & gt; & Lt; Script src = "http://portaltv.ro/jw6/key.js" type = "text / javascript" & gt; & Lt; / Script & gt; & Lt; Script src = "http://p.jwpcdn.com/6/3/jwpsrv.js" & gt; & Lt; / Script & gt; & Lt; Script src = "http://p.jwpcdn.com/6/3/sharing.js"></script></head><body><div id =" player_1_wrapper "style =" width : 100%; Height: 100%; Condition: Relative, "and gt; & Lt; Object name = "player_1" width = "100%" height = "100%" tabindex = "0" id = "player_1" class = "clsid: D27CDB6E-AE6D-11cf-96B8-444553540000" "=" "& gt; Parameter name = "_x" VALUE = "50800"> Param name = "_ cy" VALUE = "13123"> parameter NAME = "FlashVars" VALUE = "" & gt; & lt; PARAM NAME = " Movie "VALUE =" http://portaltv.ro/jw6/jwplayer.flash.swf ">
PARAM name =" Src "VALUE =" http://portaltv.ro/jw6/jwplayer.flash. Swf "& lt; PARAM name =" WMode "VALUE =" opaque "& gt; Param name =" play "VALUE =" 0 "& gt; parameter name =" loop "VALUE =" - 1 " & Gt; & lt; Param Name = "Quality" VALUE = "High" & gt; Param Name = "Saline" VALUE = "A T "> Parameter Name =" Menu "VALUE =" - 1 "& gt; & lt; PARAM NAME =" Base "VALUE =" "& gt; & lt; PARAM NAME =" AllowScriptAccess "VALUE =" Always " & Gt; Param Name = "Scale" VALU E = "NosKele"> Param Name = "Device Font" VALUE = "0" & gt; Parameter Name = "Embed0" = "0" & Gt; parameter NAME = "BGColor" VALUE = "000000" & lt; Param Name = "SWRemote" VALUE = "" & gt; & Lt; Param Name = "MovieData" VALUE = "" & gt; & Lt; Param Name = "SeamlessThing" VALUE = "1" & gt; & Lt; PARAM NAME = "profile" VALUE = "0" & gt; Param Name = "Profile Address" VALUE = "" & gt; & Lt; Param Name = "Profile Port" VALUE = "0" & gt; & Lt; Param Name = "Allow Networking" VALUE = "All" & gt; & Lt; PARAM name = "AllowFullScreen" value = "true" & gt; & Lt; PARAM name = "AllowFullScreenInteractive" value = "false" & gt; & Lt; PARAM name = "isDependent" value = "0" and gt; & Lt; Ultimate name = "movie" value = "http://portaltv.ro/jw6/jwplayer.flash.swf" gt; & Lt; Ultimate name = "Permitted Screen" value = "true" & gt; & Lt; Ultimate name = "permission rate" value = "always" & gt; Ultimate name = "seamstesting" value = "true" & gt; Ultimate name = "wmode" value = "opaque" & gt; & Lt; Ultimate name = "bg color" value = "# 000000" & gt; & Lt; / Object & gt; & Lt; Div id = "player_1_jwpsrv" style = "up: 0 pixel; position: full; z-index: 10;" & gt; & Lt; / Div & gt; & Lt; Div id = "player_1_sharing" style = "up: 0 pixel; position: full; z-index: 11;" & gt; & Lt; / Div & gt; & Lt; / Div & gt; & Lt; Script type = "text / javascript" & gt; Jwplayer ('player_1'). Setup ({file: "http: //178.21.? 120.198: 1936 / live3 / mp4: Animal Planet / mp4: Animal Planet / portaltv.m3u8 file = mp4: Animal Planet & amp; token = f526074b3aa399ec6b82df17ce1d5840", Width: "100 % ", Height:" 100% ", auto start:" right ", sharing: {Code: encodeuri (" iframe src = 'http: //www.x'/> "), link:" Http: //www.x "}}); & Lt; / Script & gt;
This database does not include the above code. PS I know that they put the variable in the query directly, I did just for testing. If someone can tell me why Html / javascript was added to the database, please help a brother. Thanks!
Comments
Post a Comment