我查看了其他类似问题的帖子,但在调用mysql_real_escape_string()之前我正在连接到我的数据库。我正在使用mysqli表示我的表单,下面的代码以及我收到的错误。
错误:
警告:mysql_real_escape_string():在第7行的/home/u378761662/public_html/twitter/index.php中拒绝用户“root”@“localhost”(使用密码:NO)
警告:mysql_real_escape_string():无法在/home/u378761662/public_html/twitter/index.php中建立指向服务器的链接 第7行
警告:mysql_real_escape_string():第8行/home/u378761662/public_html/twitter/index.php中的用户'root'@'localhost'(使用密码:NO)拒绝访问
警告:mysql_real_escape_string():无法在第8行的/home/u378761662/public_html/twitter/index.php中建立指向服务器的链接
PHP:
<?php
include 'db.php';
$msg='';
if(!empty($_POST['email']) && isset($_POST['email']) && !empty($_POST['password']) && isset($_POST['password']) )
{
// LINES BELOW ARE 7 & 8
$email=mysqli_real_escape_string($_POST['email']);
$password=mysqli_real_escape_string($_POST['password']);
// regular expression for email check
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/';
if(preg_match($regex, $email))
{
$password=md5($password); // encrypted password
$activation=md5($email.time()); // encrypted email+timestamp
$count=mysqli_query($connection,"SELECT uid FROM users WHERE email='$email'");
// email check
if(mysqli_num_rows($count) < 1)
{
mysqli_query($connection,"INSERT INTO users(email,password,activation) VALUES('$email','$password','$activation')");
// sending email
include 'smtp/Send_Mail.php';
$to=$email;
$subject="Email verification";
$body='Hi, <br/> <br/> We need to make sure you are human. Please verify your email and get started using your Website account. <br/> <br/> <a href="'.$base_url.'activation/'.$activation.'">'.$base_url.'activation/'.$activation.'</a>';
Send_Mail($to,$subject,$body);
$msg= "Registration successful, please activate email.";
}
else
{
$msg= 'The email is already taken, please try new.';
}
}
else
{
$msg = 'The email you have entered is invalid, please try again.';
}
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>PHP Email Verification Script</title>
<link rel="stylesheet" href="style.css"/>
</head>
<body>
<div id="main">
<h1>PHP Email Verification Script</h1>
<form action="" method="post">
<label>Email</label> <input type="text" name="email" class="input" autocomplete="off"/>
<label>Password </label><input type="password" name="password" class="input" autocomplete="off"/><br/>
<input type="submit" class="button button-primary" value="Registration" /> <span class='msg'><?php echo $msg; ?></span>
</form>
</div>
</body>
</html>
答案 0 :(得分:1)
根据您的editted question:
您在以下位置省略了数据库连接参数:
$email=mysqli_real_escape_string($_POST['email']);
$password=mysqli_real_escape_string($_POST['password']);
将其替换为:
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
原始答案before you edit
您使用mysql_real_escape_string代替mysqli_real_escape_string
替换:
$email=mysql_real_escape_string($_POST['email']);
$password=mysql_real_escape_string($_POST['password']);
使用:
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
我注意到您使用md5密码。这种方法不再被认为是安全的。请使用其他方法。
答案 1 :(得分:0)
您正尝试将mysql_real_escape_string与mysqli连接一起使用。相反,您必须使用mysqli_real_escape_string
答案 2 :(得分:0)
由于您使用的是mysqli,而不是尝试使用转义字符串函数,请使用Prepared Statements。
http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
绑定参数,mysqli将处理转义。