当前位置: 文江博客话题详情

在 php/mysql 中简单发布到数据库 - 编辑

发布于 2024-12-06 22:51:34 字数 860 浏览 0 评论 0原文

很简单的东西,我知道,但出现错误

<?php  
session_start();  

$dbhost = "###"; // this will ususally be 'localhost', but can sometimes differ  
$dbname = "###"; // the name of the database that you are going to use for this project  
$dbuser = "###"; // the username that you created, or were given, to access your database  
$dbpass = "###"; // the password that you created, or were given, to access your database  

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());  
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());  

mysql_select_db("###", $con);

$safe_email = mysql_real_escape_string($_POST['email']);
$sql="INSERT INTO register (email) VALUES ('{$safe_email}')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>
原文

Pretty simple stuff, I know, but am getting an error

<?php  
session_start();  

$dbhost = "###"; // this will ususally be 'localhost', but can sometimes differ  
$dbname = "###"; // the name of the database that you are going to use for this project  
$dbuser = "###"; // the username that you created, or were given, to access your database  
$dbpass = "###"; // the password that you created, or were given, to access your database  

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());  
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());  

mysql_select_db("###", $con);

$safe_email = mysql_real_escape_string($_POST['email']);
$sql="INSERT INTO register (email) VALUES ('{$safe_email}')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

攒一口袋星星 2024-12-13 22:51:34

在查询调用中使用 $con 之前,它未在代码中的任何位置定义。您应该:

$con = mysql_connect(...) or die(mysql_error());

除此之外,您的代码对 SQL 注入攻击很开放。你应该有:

$safe_email = mysql_real_escape_string($_POST['email']);
$sql="INSERT INTO register (email) VALUES ('{$safe_email}')";

$con is not defined anywhere in your code, before you use it in the query call. You should have:

$con = mysql_connect(...) or die(mysql_error());

Beyond that, your code is WIDE open to SQL injection attacks. You should have:

$safe_email = mysql_real_escape_string($_POST['email']);
$sql="INSERT INTO register (email) VALUES ('{$safe_email}')";
回复 原文
明明#如月 2024-12-13 22:51:34

假设以下情况:

  1. 您对 PHP 没有太多经验
  2. 向您提供的信息是正确的
  3. 这是一个示例脚本,并且您知道需要替换 $dbname 的值、$dbhost$dbuser$dbpass

请尝试以下操作,如果屏幕上出现任何输出,请报告:

    <?php  
    session_start();  

    print "Connecting and inserting email: ".$_POST['email']."...";

    $dbhost = "###"; // this will ususally be 'localhost', but can sometimes differ  
    $dbname = "###"; // the name of the database that you are going to use for this project  
    $dbuser = "###"; // the username that you created, or were given, to access your database  
    $dbpass = "###"; // the password that you created, or were given, to access your database  

    $con = mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());  
    mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());  

    $safe_email = mysql_real_escape_string($_POST['email']);
    $sql="INSERT INTO register (email) VALUES ('{$safe_email}')";

    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
    print "success! Inserted email with row id: ".mysql_insert_id();

    mysql_close($con)
    ?>

Assuming the following:

  1. You don't have a lot of experience with PHP
  2. The information that has been provided to you is correct
  3. This is an example script and you know the values that need to be substituted for $dbname, $dbhost, $dbuser and $dbpass

Please try the following and report back if you get any output at all to screen:

    <?php  
    session_start();  

    print "Connecting and inserting email: ".$_POST['email']."...";

    $dbhost = "###"; // this will ususally be 'localhost', but can sometimes differ  
    $dbname = "###"; // the name of the database that you are going to use for this project  
    $dbuser = "###"; // the username that you created, or were given, to access your database  
    $dbpass = "###"; // the password that you created, or were given, to access your database  

    $con = mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());  
    mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());  

    $safe_email = mysql_real_escape_string($_POST['email']);
    $sql="INSERT INTO register (email) VALUES ('{$safe_email}')";

    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
    print "success! Inserted email with row id: ".mysql_insert_id();

    mysql_close($con)
    ?>
回复 原文
俯瞰星空 2024-12-13 22:51:34

这可能只是我的问题,但你应该将字符串放在一行上,或者对字符串使用串联 (.)

$sql="INSERT INTO register (email) VALUES ('$_POST[email]')";

除此之外,你应该在将信息添加到数据库之前清理信息,否则你会要求进行 sql 注入攻击。

现在讨论实际问题。您使用了一个未定义的变量 conn。我假设您引用所建立的连接,但您从未像这样将该变量设置为连接

$conn = mysql_connect($dblocal,$dbuser,$dbpass) or die(xxx);

this may just be me but you should but strings on a single line or use the concatenation (.) for the strings

$sql="INSERT INTO register (email) VALUES ('$_POST[email]')";

Other than that you should clean the information before adding it into the database otherwise your asking for sql injection attacks.

now to the actual problem. your using a variable that is undefined called conn. i am assuming your referencing the connection made, but you never set that variable to the connection like so

$conn = mysql_connect($dblocal,$dbuser,$dbpass) or die(xxx);
回复 原文
~没有更多了~

关于作者

何其悲哀

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

Gabu-gabumon

文章 0 评论 0

qq_CgiN62

文章 0 评论 0

荔枝明

文章 0 评论 0

赏烟花じ飞满天

文章 0 评论 0

独守阴晴ぅ圆缺

文章 0 评论 0

¤→小豸慧

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文