我在wordpress中的Post和Pages插件中使用Allow PHP,我通过它集成表单
警告:mysql_real_escape_string():21在第789行的..wp-includes \ wp-db.php中不是有效的MySQL-Link资源
警告:mysql_error():21在第1102行的..wp-includes \ wp-db.php中不是有效的MySQL-Link资源
我的表格代码在这里
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("form", $con);
$sql="INSERT INTO data (consignor,consignee, conveyance, origin, entry_port, importing_country, container_no, package_no, package_type, product_name, bot_name, quantity, certify, add_declaration, date,treatment, duration_temprature, concentration, add_information, inspector_name, place, name_designation, issue_date)
VALUES
('$_POST[exporter]', '$_POST[importer]', '$_POST[conveyance]', '$_POST[origin]', '$_POST[dpoe]', '$_POST[impcon]', '$_POST[container]', '$_POST[nopk]', '$_POST[tyop]', '$_POST[name]', '$_POST[botname]', '$_POST[quantity]', '$_POST[certify]', '$_POST[declaration]', '$_POST[date]', '$_POST[treatment]', '$_POST[dutemp]', '$_POST[concen]', '$_POST[adinfo]', '$_POST[insname]', '$_POST[place]', '$_POST[namedesg]', '$_POST[dateissue]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Form Submitted";
mysql_close($con);
?>
<form action="#" method="post">
<table height ="200px" width="676" border="1" cellspacing="0" cellpadding="0">
<tr>
<td colspan="7" valign="top" width="676">
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">1. Exporter/Consignor (Name & Address)<br/>
<input type="text" name="exporter" />
</td>
<td colspan="4" valign="top" width="356">2. Importer/Consignee (Name & Address)
<input type="text" name="importer" />
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">3. Declared means of conveyance
<input type="text" name="conveyance" /></td>
<td colspan="4" valign="top" width="356">4. Place of Origin<br/>
<input type="text" name="origin" /></td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">5. Declared Port of entry<br/>
<input type="text" name="dpoe" /></td>
<td colspan="4" valign="top" width="356">6. Department of Plant Protection of Pakistan To Plant Protection Organization Of (importing country)<br/>
<input type="text" name="impcon" />
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">7. Distinguishing marks/Container No./ Seal No.<br/>
<input type="text" name="container" /></td>
<td colspan="3" valign="top" width="172">8. No. of Packages<br/>
<input type="text" name="nopk" />
</td>
<td valign="top" width="184">9. Type of packages<br/>
<input type="text" name="tyop" /></td>
</tr>
<tr>
<td valign="top" width="221">10. Name of Product<br/>
<input type="text" name="name" /></td>
<td colspan="4" valign="top" width="233">11. Botanical name of plant
<br/>
<input type="text" name="botname" />
</td>
<td colspan="2" valign="top" width="221">12. Quantity<br/>
<input type="text" name="quantity" /></td>
</tr>
<tr>
<td colspan="7" valign="top" width="676">13. This is to certify that the plants, plant products or other regulated articles described herein above have been inspected and/ or tested according to appropriate official procedures and are considered to be free from the quarantine pests, specified by the importing contracting party and to conform with the current phytosanitary requirements of the importing contracting party including those for regulated non-quarantine pests.<br/>
<input type="checkbox" name="certify" value="Yes"/> Yes
<input type="checkbox" name="certify" value="No"/> No<br/>
</td>
</tr>
<tr>
<td colspan="7" valign="top" width="676">14. Additional Declaration
<br/>
<textarea name="declaration" cols="40" rows="2">Please limit your response to 200 characters.</textarea><br />
</td>
</tr>
<tr>
<td colspan="7" valign="top" width="676" bgcolor="grey">
<p align="center"><strong>Disinfestations and / or disinfection treatment </strong></p>
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">15. Date
<br/>
<input type="text" name="date" /></td>
<td colspan="4" valign="top" width="356">16. Treatment<br/>
<input type="text" name="treatment" /></td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">17. Duration & Temperature
<br/>
<input type="text" name="dutemp" />
</td>
<td colspan="4" valign="top" width="356">18. Concentration<br/>
<input type="text" name="concen" /></td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">19. Additional Information
<br/>
<textarea name="adinfo" cols="40" rows="2">Please limit your response to 200 characters.</textarea><br />
</td>
<td colspan="4" valign="top" width="356">20. Name of Inspector<br/>
<input type="text" name="insname" /></td>
</tr>
<tr>
<td colspan="2" valign="top" width="240">21. Stamps of Organization
<br></br><br></br>
</td>
<td rowspan="2" colspan="2" valign="top" width="168">
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong>PROGRESSIVE </strong></p>
</td>
<td rowspan="2" colspan="3" valign="top" width="340">23. Place of issue<br/>
<input type="text" name="place" /><br/>
24. Signature__________________________<br/><br></br>
25. Name and designation of authorized officer
<input type="text" name="namedesg" /> <br/><br/>
26. Date <br/>
<input type="text" name="dateissue" /></p></td>
</tr>
<tr>
<td colspan="2" valign="top" width="240">22. No financial liability with respect to this certificate shall attach to department of plant protection or to any of its officers or representatives
<br></br></td>
</tr>
<tr>
<td width="221" border="0"></td>
<td width="19"></td>
<td width="80"></td>
<td width="48"><input type="submit" value="Submit Form" /></td>
<td width="47"><input type="reset" value="Reset" /></td>
<td width="137"></td>
<td width="220"></td>
</tr>
<tr><td></td>
<td></td>
<td></td>
<td align="right"></td>
</tr>
</table>
</form>
</html>
答案 0 :(得分:1)
在wordpress中,你不能使用普通的mysql系统调用数据库。您需要通过
调用数据库global $wpdb;
有关更多示例,请参阅此链接。 http://codex.wordpress.org/Class_Reference/wpdb
修改强> 的
尝试将PHP调用代码更改为类似的内容。
的 EDIT2 强> 的
添加一些代码以防止SQL攻击。基本上把它们变成变量并逃脱它。
<?php
//no need to connect & close to db. it's done automatically by wpdb.
// the database MUST be the same with wordpress database. only different tables.
global $wpdb;
//protect your codes from attacks.
@ isset($_POST['exporter']) ? $exporter=$wpdb->escape($_POST['exporter']) : $exporter='';
@ isset($_POST['importer']) ? $importer=$wpdb->escape($_POST['importer']) : $importer='';
@ isset($_POST['conveyance']) ? $conveyance=$wpdb->escape($_POST['conveyance']) : $conveyance='';
//....
@ isset($_POST['dateissue']) ? $dateissue=$wpdb->escape($_POST['dateissue']) : $dateissue='';
if (!$wpdb->insert('data',
array(
'consignor'=>$exporter
,'consignee'=>$importer
,'conveyance'=>$conveyance
//...
,'issue_date'=>$dateissue
))) exit;
else {echo 'Form Submitted';}
?>