我试图在我的代码中使用mysql_real_escape_string。它可以与localhost一起使用。而它在其他服务器上显示错误。我怎样才能找到解决方案呢。任何人都可以给我解决我的代码错误的方法
<?php
$username = "abcdb";
$password = "Abc@2014";
$hostname = "abcdb.db.9135182.hostedresource.com";
$db = "abcdb";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysql_select_db($db,$dbhandle) or die('cannot select db');
//connection to the database
$name="";
$email="";
$batch="";
$mobile="";
if (isset($_POST['submit'])) {
$error = "";
if (!empty($_POST['name'])) {
$name = mysql_real_escape_string($_POST['name']);
} else {
$error .= "You didn't type in your name. <br />";
}
if (!empty($_POST['email'])) {
$email =mysql_real_escape_string($_POST['email']);
if (!preg_match("/^[_a-z0-9]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$error .= "The e-mail address you entered is not valid. <br/>";
}
} else {
$error .= "You didn't type in an e-mail address. <br />";
}
if (!empty($_POST['batch'])) {
$batch =mysql_real_escape_string($_POST['batch']);
if (!preg_match('/^[0-9]{4}$/', $batch)) {
$error .= "Enter a valid batch. <br/>";
}
}
else {
$error .= "You didn't type batch. <br />";
}
if(($_POST['code']) == $_SESSION['code']) {
$code = $_POST['code'];
} else {
$error .= "The captcha code you entered does not match. Please try again. <br />";
}
if (!empty($_POST['mobile'])) {
$mobile =mysql_real_escape_string($_POST['mobile']);
if (!preg_match('/^[0-9]{10}$/', $mobile)) {
$error .= "Enter a valid Mobile number. <br/>";
}
}else {
$error .= "You didn't type your Mobile Number. <br />";
}
答案 0 :(得分:1)
研究使用预备语句(例如使用mysqli - http://php.net/manual/en/book.mysqli.php)。不推荐使用mysql_real_escape_string。您的服务器和localhost mysql版本可能不同。
请参阅Why shouldn't I use mysql_* functions in PHP?
您刚刚发布的错误消息也为您提供了线索。在调用mysql_real_escape_string
之前,测试传递的参数是一个字符串