我收到以下错误:
警告:mysqli_real_escape_string()正好需要2个参数,1在第28行的C:\ wamp \ www \ PTT \ login.php中给出
这是第28行:
$voornaam = mysqli_real_escape_string($_POST['voornaam']);
这是我的代码:
//Generate a key, print a form:
$key = sha1(microtime());
$_SESSION['csrf'] = $key;
if(isset($_POST['registreer'])){
$voornaam = mysqli_real_escape_string($_POST['voornaam']);
$achternaam = mysqli_real_escape_string($_POST['achternaam']);
$land = mysqli_real_escape_string($_POST['land']);
$gebdate = mysqli_real_escape_string($_POST['year'].'-'.$_POST['month'].'-'.$_POST['day']);
$inlognaam = mysqli_real_escape_string($_POST['inlognaam']);
$wachtwoord = mysqli_real_escape_string($_POST['wachtwoord']);
$wachtwoord_nogmaals = mysqli_real_escape_string($_POST['wachtwoord_nogmaals']);
$wachtwoordmd5 = md5($wachtwoord);
$email = mysqli_real_escape_string($_POST['email']);
$wereld = mysqli_real_escape_string($_POST['wereld']);
$secondaccount = mysqli_real_escape_string($_POST['agreecheck']);
$schelden = mysqli_real_escape_string($_POST['agreecheck2']);
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("Y-m-d H:i:s");
$character = mysqli_real_escape_string($_POST['character']);
$referer = mysqli_real_escape_string($_POST['referer']);
$check = mysqli_fetch_assoc(mysqli_query("SELECT `ip_aangemeld`, `aanmeld_datum` FROM `gebruikers` WHERE `ip_aangemeld`='".$ip."' ORDER BY `user_id` DESC"));
$registerdate = strtotime($check['aanmeld_datum']);
$current_time = strtotime(date('Y-m-d H:i:s'));
$countdown_time = 604800-($current_time-$registerdate);
答案 0 :(得分:2)
header {
margin-bottom: 0px;
background: rgb(76,77,74); /* Old browsers */
background: -moz-linear-gradient(top, rgba(76,77,74,1) 0%, rgba(55,56,52,1) 49%, rgba(38,39,35,1) 51%, rgba(16,17,13,1) 100%); /* FF3.6-15 */
background: -webkit-linear-gradient(top, rgba(76,77,74,1) 0%,rgba(55,56,52,1) 49%,rgba(38,39,35,1) 51%,rgba(16,17,13,1) 100%); /* Chrome10-25,Safari5.1-6 */
background: linear-gradient(to bottom, rgba(76,77,74,1) 0%,rgba(55,56,52,1) 49%,rgba(38,39,35,1) 51%,rgba(16,17,13,1) 100%); /* W3C, IE10+, FF16+, Chrome26+, Opera12+, Safari7+ */
filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#4c4d4a', endColorstr='#10110d',GradientType=0 ); /* IE6-9 */
padding: 15px;
overflow: auto;
border-bottom: 1px solid #646562;
box-shadow: 0px 14px 50px 0px rgba(255, 255, 255, 0.20);
}
header #branding {
float: left;
}
header #branding h1 {
font-size: 36px;
font-family: ErasBold;
color: #00d6dd;
margin: 0px;
}
header nav {
float: right;
height: 100%;
}
header nav ul {
list-style: none;
margin: 0;
height: 100%;
}
header nav ul li {
display: inline-block;
height: auto;
}
header nav ul li a {
/* Permalink - use to edit and share this gradient: http://colorzilla.com/gradient-editor/#020000+0,000000+87,000000+100&0+0,0+88,0.5+100 */
background: -moz-linear-gradient(left, rgba(2,0,0,0) 0%, rgba(0,0,0,0) 87%, rgba(0,0,0,0) 88%, rgba(0,0,0,0.5) 100%); /* FF3.6-15 */
background: -webkit-linear-gradient(left, rgba(2,0,0,0) 0%,rgba(0,0,0,0) 87%,rgba(0,0,0,0) 88%,rgba(0,0,0,0.5) 100%); /* Chrome10-25,Safari5.1-6 */
background: linear-gradient(to right, rgba(2,0,0,0) 0%,rgba(0,0,0,0) 87%,rgba(0,0,0,0) 88%,rgba(0,0,0,0.5) 100%); /* W3C, IE10+, FF16+, Chrome26+, Opera12+, Safari7+ */
filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#00020000', endColorstr='#80000000',GradientType=1 ); /* IE6-9 */
padding: 10px 25px;
color: #d4ff00;
border-left: 1px solid rgba(0, 0, 0, 0.4);
border-right: 1px solid rgba(255, 255, 255, 0.4);
text-decoration: none;
font-family: ErasBold;
height: 100%;
}
答案 1 :(得分:2)
在阻止SQL注入攻击时使用
mysql_real_escape_string不足进行转义,请改用预编译语句。
您需要添加mysqli连接链接标识符作为第一个参数:
$voornaam = mysqli_real_escape_string($con, $_POST['voornaam']);
注意:将$con替换为您的数据库变量。
答案 2 :(得分:-1)
您需要将连接变量作为mysqli_real_escape_string函数的两个变量之一传递
例如
$a = mysqli_real_escape_string($conn, $_POST['a']);