我每次播种时都会在我的文本字段中输入Apostrophe(')(语法错误,意外的T_STRING),我不解决PHP中的撇号问题 是我的代码:请有人帮助我,谢谢你。
register.php
<?php
session_start();
?>
<div id="reg">
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
<html>
<head>
</head>
<body>
<form action='register-exec.php' method='post' enctype='multipart/form-data' name='loginForm' id='loginForm'>
<table width='629' height='211' border='0' align='center' cellpadding='1' cellspacing='0'>
<tr>
<th align='left'>First Name :</th>
<td><input name='fname' type='text' class='textfield' id='fname' /></td>
</tr>
<tr>
<th align='left'>Last Name :</th>
<td><input name='lname' type='text' class='textfield' id='lname' /></td>
</tr>
<tr>
<th align='left'>Email :</th>
<td><input name='email' type='text' class='textfield' id='email' /></td>
</tr>
<tr>
<th width='166' align='left'>UserName :</th>
<td width='459'><input name='login' type='text' class='textfield' id='login' /></td>
</tr>
<tr>
<th align='left'>Password :</th>
<td><input name='password' type='password' class='textfield' id='password' /></td>
</tr>
<tr>
<th align='left'>Confirm Password :</th>
<td><input name='cpassword' type='password' class='textfield' id='cpassword' /></td>
</tr>
<tr>
<td>Country :</td>
<td><select name='country' id='country'>
<option value='' selected></option>
<option value='San Marino'>San Marino</option>
<option value='Saudi Arabia'>Saudi Arabia</option>
<option value='Seychelles'>Seychelles</option>
<option value='Singapore'>Singapore</option>
<option value='Slovakia'>Slovakia</option>
<option value='Slovenia'>Slovenia</option>
<option value='Solomon Islands'>Solomon Islands</option>
<option value='South Africa'>South Africa</option>
<option value='Spain'>Spain</option>
<option value='Sri Lanka'>Sri Lanka</option>
<option value='St.Pierre and Miquelon'>St.Pierre and Miquelon</option>
<option value='St.Vincent and the Grenadines'>St.Vincent and the Grenadines</option>
<option value='Sweden'>Sweden</option>
<option value='Switzerland'>Switzerland</option>
<option value='Syria'>Syria</option>
<option value='Taiwan '>Taiwan </option>
<option value='Tajikistan'>Tajikistan</option>
<option value='Thailand'>Thailand</option>
<option value='Trinidad and Tobago'>Trinidad and Tobago</option>
<option value='Turkey'>Turkey</option>
<option value='Turkmenistan'>Turkmenistan</option>
<option value='Turks and Caicos Islands'>Turks and Caicos Islands</option>
<option value='Ukraine'>Ukraine</option>
<option value='UAE'>UAE</option>
<option value='UK'>UK</option>
<option value='USA'>USA</option>
<option value='Uruguay'>Uruguay</option>
<option value='Uzbekistan'>Uzbekistan</option>
<option value='Vanuatu'>Vanuatu</option>
<option value='Vatican City'>Vatican City</option>
<option value='Vietnam'>Vietnam</option>
<option value='Virgin Islands (GB)'>Virgin Islands (GB)</option>
<option value='Virgin Islands (U.S.) '>Virgin Islands (U.S.) </option>
<option value='Wallis and Futuna Islands'>Wallis and Futuna Islands</option>
<option value='Yemen'>Yemen</option>
<option value='Yugoslavia'>Yugoslavia</option>
</select></td>
</tr>
<tr>
<td>City :</td>
<td><input name='city' type='text' class='textfield' id='city' /></td>
</tr>
<tr>
<td>Upload Image :</td>
<td> <input type='file' name='image' id='image' />
</td>
</tr>
<tr>
<td> </td>
<td><input type='submit' name='Submit' value='Register' /></td>
</tr>
</table>
</form>
</div>
</body>
</html>
寄存器exec.php
<?php
//Start session
session_start();
//Include database connection details
require_once('config2.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$fname = clean($_POST['fname']);
$lname = clean($_POST['lname']);
$email = clean($_POST['email']);
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);
$country = clean($_POST['country']);
$city = clean($_POST['city']);
//Input Validations
if($fname == '') {
$errmsg_arr[] = 'First name missing';
$errflag = true;
}
if($lname == '') {
$errmsg_arr[] = 'Last name missing';
$errflag = true;
}
if($email == '') {
$errmsg_arr[] = 'Email missing';
$errflag = true;
}
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if($country == '') {
$errmsg_arr[] = 'Country is missing';
$errflag = true;
}
if($city == '') {
$errmsg_arr[] = 'City is mising';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
//Check for duplicate email
if($email != '') {
$qry = "SELECT * FROM members WHERE email='$email'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Email ID already in use';
$errflag = true;
}
@mysql_free_result($result);
}
else {
die("Query failed");
}
}
//Check for duplicate login ID
if($login != '') {
$qry = "SELECT * FROM members WHERE login='$login'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Login ID already in use';
$errflag = true;
}
@mysql_free_result($result);
}
else {
die("Query failed");
}
}
//If there are input validations, redirect back to the registration form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php?page=register");
exit();
}
// Variable for hours
$hourdiff = "5"; // hours difference between server time and local time
// Nothing needs to be changed below here unless you want to change
// the format of the date (see above for URL of options) or your local
// time is behind the server time
$timeadjust = ($hourdiff * 3600);
$melbdate = date("l, d M Y h:i:s a",time() + $timeadjust);
echo $melbdate;
// Generates activation code simple 4 digit number
$activ_code = rand(1000,9999);
$email = $_POST['email'];
$login = $_POST['login'];
//Ip Address Varified
$http_client_ip = $_SERVER['HTTP_CLIENT_IP'];
$http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remote_addr = $_SERVER['REMOTE_ADDR'];
if (!empty($http_client_ip)) {
$ip_address = $http_client_ip;
}elseif (!empty($http_x_forwarded_for)) {
$ip_address = $http_x_forwarded_for;
}else {
$ip_address = $remote_addr;
}
$ip_address = $ip_address;
//Image upload
$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name = addslashes($_FILES['image']['name']);
$image_size = getimagesize($_FILES['image']['tmp_name']);
//Create INSERT query
$qry = "INSERT INTO members(firstname, lastname, email, login, passwd,country,city,time,ip,name,image,activation_code) VALUES('$fname','$lname','$email','$login','".($_POST['password'])."','$country','$city','$melbdate','$ip_address','$image_name','$image','$activ_code')";
$result = @mysql_query($qry);
//Check whether the query was successful or not
if($result) {
header("location: register-success.php");
exit();
}else {
die("Query failed");
}
?>
答案 0 :(得分:1)
在您的function clean($str)
问题中,您可以删除此功能并将mysql_real_escape_string()
添加到每个$_POST[]
中,如下所示:
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$login = mysql_real_escape_string($_POST['login']);
$password = mysql_real_escape_string($_POST['password']);
$cpassword = mysql_real_escape_string($_POST['cpassword']);
$country = mysql_real_escape_string($_POST['country']);
$city = mysql_real_escape_string($_POST['city']);
我认为这会奏效。