Question

对于PHP，我是菜鸟。我正在尝试学习和构建一个非常好的PHP表单，它使用recaptcha并将数据发送到mysql。我有问题让mysql函数工作。我收到了错误

语法错误，意外';'在第42行的testing.php中

当我删除它时会启动其他错误。任何有关此错误的帮助将不胜感激！

<?php
    error_reporting(E_ALL);
    ini_set('display_errors', 1);

    // keys from Google reCaptcha https://www.google.com/recaptcha/admin
    $sitekey = 'site_key';
    $secretkey = 'secret_key';

    $alert = '';
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        $fullname;$username;$email;$message;$captcha;
            if(isset($_POST['fullname']))
                    $fullname=$_POST['fullname'];
            if(isset($_POST['username']))
                    $username=$_POST['username'];
            if(isset($_POST['email']))
                    $email=$_POST['email'];
            if(isset($_POST['message']))
                    $message=$_POST['message'];
            if(isset($_POST['g-recaptcha-response']))
                    $captcha=$_POST['g-recaptcha-response'];

                if(!$captcha)
                $alert = '<div class="alert alert-warning" role="alert">Please wait until the captcha protection give you a check mark.</div>';

            $response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret='.$secretkey.'&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));

        if($response->success==false)
        {
            /* lets set the error message for the alert... */
            if ($alert=='')
                $alert = '<div class="alert alert-danger" role="alert">Some how you have been detected has a spammer.</div>';
            }
        else
        {

            //Connecting to sql db.
            $connect = mysqli_connect("XXXX","XXXX","XXXX","XXXX");
            //Sending form data to sql db.
            mysqli_query($connect,"INSERT INTO pro_tools.Users (full_name, users_name, email, message)
            VALUES ('$_POST[post_fullname]', '$_POST[post_username]', '$_POST[post_email]', '$_POST[post_message]')";
            $alert = '<div class="alert alert-success" role="alert">Thank you for your submission!</div>';
            }
    }

?>

Answer 1

第42至45行将是： -

mysqli_query($connect, "INSERT INTO pro_tools.Users (full_name, users_name, email, message)
VALUES (" . $_POST['post_fullname'] . "," . $_POST['post_username'] . "," . $_POST['post_email'] . "," . $_POST['post_message'] . ")");
$alert .= "<div class='alert alert-success' role='alert'>Thank you for your submission!</div>";

您有语法错误，您还必须 concat 变量才能在 $ alert

中拥有正确的html

Answer 2

我认为你在这里有一个sytax错误

 $response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret='.$secretkey.'&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));

我会尝试解决它

 $response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));

你用这个＆＃39;而不是这个＆＃34;你把它混合了

Answer 3

您的查询有点偏离，最后缺少一个括号mysqli_query。但是，您很容易受到SQL注入的攻击，因此应该使用预准备语句。

下面给出一个例子

if ($stmt = mysqli_prepare($connect, "INSERT INTO pro_tools.Users (full_name, users_name, email, message) VALUES (?, ?, ?, ?)")) {
    mysqli_stmt_bind_param($stmt, "ssss", $_POST['fullname'], $_POST['username'], $_POST['email'], $_POST['message'], );
    mysqli_stmt_execute($stmt);
}

这将取代您当前的代码：

mysqli_query($connect,"INSERT INTO pro_tools.Users (full_name, users_name, email, message)
        VALUES ('$_POST[post_fullname]', '$_POST[post_username]', '$_POST[post_email]', '$_POST[post_message]')";

你提到“其他错误出现”，我们不知道那些是什么 - 如果你需要帮助，你必须告诉我们出现了什么错误，以及它们在哪一行（我们不知道你的代码中的第42行。

Answer 4

INSERT 查询生成中存在一些语法错误：

使用以下代码替换 mysqli_query 。

$sql = "INSERT INTO pro_tools.Users (full_name, users_name, email, message)"
                    . "VALUES (?,?,?,?)";
            $stmt = $connect->prepare($sql);
            $stmt->bind_param("ssss", $_POST['post_fullname'], $_POST['post_username'], $_POST['post_email'], $_POST['post_message']);
            $stmt->execute();

PHP表单与recaptcha和mysql插入错误

4 个答案: