在这里,我正在创建注册一个新的用户表单,但我在mysql_real_escape_string()
.so中遇到问题,我使用了替代mysqli_real_escape_string()
并尝试了
mysqli_real_escape_string($conn,$_POST['user_name'])
但没有工作。这里,我已经创建了一个单独的connect.php(用于与服务器和数据库的连接)文件,以节省我的时间,我已经使用在signup.php文件中包含该文件p>
include 'connect.php';
我不确定单独使用connect.php文件mysqli_real_escape_string($conn,$_POST['user_name'])
是否可以使用。
<?php
$server='localhost';
$username='root';
$password='';
$db_name='web_forum_db';
if(!$conn=mysqli_connect($server,$username,$password))
{
exit('Error: could not establish database connection');
}
if (!mysqli_select_db($conn,$db_name))
{
exit('Error: could not select the database');
}
mysqli_close($conn);
?>
<?php
include 'connect.php';
include 'header.php';
echo '<h3>Sign up</h3>';
if($_SERVER['REQUEST_METHOD'] !='POST')
{
echo '<form method="POST" action="">
Username:<input type="text" name="user_name"/>
Password: <input type="password" name="user_pass">
Password again:<input type="password" name="user_pass_check">
E-mail:<input type="email" name="user_email">
<input type="submit" value="Add category"/>
</form>';
}
else
{
$errors = array();/*declare the array for later use*/
if(isset($_POST['user_name']))
{
//the user name exists
if (!ctype_alnum($_POST['user_name'])) {
$errors[]='The username can only contain letters and digits.';
}
if(strlen($_POST['user_name'])>30)
{
$errors[]='The username cannot be longer than 30 characters.';
}
}
else
{
$errors[]='The username field must not be empty.';
}
if(isset($_POST['user_pass']))
{
if($_POST['user_pass'] !=$_POST['user_pass_check'])
{
$errors[]='The two passwords did not match.';
}
}
else
{
$errors[]='The password field cannot be empty.';
}
if (!empty($errors))/*check for an empty array, if there are errors, they`re in this array*/ {
echo 'Uh-oh.. a couple of fields are not filled in correctly..';
echo '<ul>';
foreach ($errors as $key => $value)/*walk through the array so all the errors get displayed*/
{
echo '<li>' . $value. '</li>';/*This generates a nice error list*/
}
echo '</ul>';
}
else
{
$sql = "INSERT INTO users(user_name,user_pass,user_email,user_date,user_level) VALUES('".mysqli_real_escape_string($conn,$_POST['user_name'])."',
'".sha1($_POST['user_pass'])."',
'".mysqli_real_escape_string($conn,$_POST['user_email'])."',
NOW(),0)";
$result=mysqli_query($conn,$sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while registering. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
echo 'Successfully registered. You can now <a href="signin.php">sign in </a> and start posting! :-)';
}
}
}
include 'footer.php';
?>
显示错误:
警告:mysqli_real_escape_string():无法获取mysqli 第56行的C:\ xampp \ htdocs \ web_forum \ signup.php
警告:sha1()期望参数1是字符串,对象是给定的 第57行的C:\ xampp \ htdocs \ web_forum \ signup.php
警告:mysqli_real_escape_string():无法获取mysqli 第58行的C:\ xampp \ htdocs \ web_forum \ signup.php
警告:mysqli_query():无法获取mysqli 第60行的C:\ xampp \ htdocs \ web_forum \ signup.php
以下代码位于第56,57,58和60行:
$sql = "INSERT INTO users(user_name,user_pass,user_email,user_date,user_level) VALUES('".mysqli_real_escape_string($conn,$_POST['user_name'])."',
'".sha1($_POST['user_pass'])."',
'".mysqli_real_escape_string($conn,$_POST['user_email'])."',
NOW(),0)";
$result=mysqli_query($conn,$sql);
答案 0 :(得分:0)
您在建立mysqli连接后立即关闭它。
只需从 public string RenderMenuPermissions(int userRecNo)
{
try
{
string MenuHTML = "";
string BaseURL = "";
TBL_MASTER_MENU_PERMISSIONDAO oTBL_MASTER_MENU_PERMISSIONDAO = new TBL_MASTER_MENU_PERMISSIONDAO();
DataSet ds = new DataSet();
ds = oTBL_MASTER_MENU_PERMISSIONDAO.GetMenuDetails(userRecNo, ref oTBL_LOG_ERRORSEntity);
DataView dv = new DataView(ds.Tables[0]);
BaseURL = ConfigurationManager.AppSettings["BaseURL"].ToString();
int i, zz = 0;
MenuHTML += Environment.NewLine + "<ul id='nav'>" + Environment.NewLine;
int val = 0;
i = 0;
MenuHTML += "<li> <a href='" + BaseURL + "/" + "Default.aspx'>Home</a></li>" + Environment.NewLine;
int parentID = -1;
///int childParentID = -1;
int count = 0;
int count3Level = 0;
foreach (DataRowView drv in dv)
{
if (Convert.ToInt16(drv["PARENT_ID"]) == 0)
{
val = val + 1;
if (zz == 1)
{
if (count == -1) //in case their are no 1st level submenu after 2nd level submenu for same parentID
{
if (count3Level == 3)
{
MenuHTML += "</ul></li>" + Environment.NewLine;
count3Level = 0;
}
MenuHTML += "</ul></li>" + Environment.NewLine;
MenuHTML += "</a></ul></li>";
count = 0;
zz = 0;
}
else
{
// MenuHTML += "</a></li></ul></li>";
MenuHTML += "</a></ul></li>";
zz = 0;
count = 0;
}
}
MenuHTML += Environment.NewLine + "<li>" + Environment.NewLine;
MenuHTML += "<a href=\"" + drv["MENU_URL"].ToString() + "\" >";
MenuHTML += drv["MENU_NAME"].ToString() + "</a>" + Environment.NewLine;
}
else
{
if (zz == 0)
{
MenuHTML += "<ul>" + Environment.NewLine; //create dropdown for main tab in menu
parentID = Convert.ToInt16(drv["PARENT_ID"]);
}
if ((Convert.ToInt16(drv["PARENT_ID"]) != 0) && (Convert.ToInt16(drv["PARENT_ID"]) == parentID))
{
if (count == -1) //in case their are 1st level submenu after 2nd level submenu for a given submenu for same parentID
{
if (count3Level == 3)
{
MenuHTML += "</ul></li>" + Environment.NewLine;
count3Level = 0;
}
MenuHTML += "</ul></li>" + Environment.NewLine;
count = 0;
}
else if (count >= 1) //close <a> tag for each submenu item
{
MenuHTML += "</a></li>" + Environment.NewLine;
count = 0;
}
//MenuHTML += "<li><a href='" + BaseURL + "/" + drv["MENU_URL"].ToString() + "'>" + drv["MENU_NAME"].ToString() + "</a>";
MenuHTML += "<li><a id='" + drv["MENU_ID"].ToString() + "' href='" + BaseURL + "/" + drv["MENU_URL"].ToString() + "'>" + drv["MENU_NAME"].ToString();
zz = 1;
count++;
}
else
{
//generate 2nd level submenu
// MenuHTML += "</li>" + Environment.NewLine;
if (count >= 1)
{
MenuHTML += "<img src=\"" + BaseURL + "/images/arrow-right8.gif\" style=\"border-width:0px;vertical-align:middle\" align=\"right\" alt=\"\"/></a>" + Environment.NewLine;
MenuHTML += "<ul>" + Environment.NewLine;
MenuHTML += "<li><a id='" + drv["PARENT_ID"].ToString() + "' href='" + BaseURL + "/" + drv["MENU_URL"].ToString() + "' style =\"border-top:solid 1px #0f62ac;\">" + drv["MENU_NAME"].ToString() + "</a></li>" + Environment.NewLine;
count = -1;
}
else
{
if (drv["MENU_URL"].ToString() == "#")
{
MenuHTML += "<li><a id='" + drv["PARENT_ID"].ToString() + "' href='" + drv["MENU_URL"].ToString() + "' >" + drv["MENU_NAME"].ToString() + "<imgCompReq src=\"" + BaseURL + "/images/arrow-right8.gif\" style=\"border-width:0px;vertical-align:middle\" align=\"right\" alt=\"\"/></a>";
MenuHTML += "<ul>" + Environment.NewLine;
count3Level = 1;
}
else
{
if (count3Level == 1)
{
MenuHTML += "<li><a id='" + drv["PARENT_ID"].ToString() + "' href='" + BaseURL + "/" + drv["MENU_URL"].ToString() + "' style =\"border-top:solid 1px #0f62ac;\">" + drv["MENU_NAME"].ToString() + "</a></li>" + Environment.NewLine;
count3Level = 3;
}
else
{
MenuHTML += "<li><a id='" + drv["PARENT_ID"].ToString() + "' href='" + BaseURL + "/" + drv["MENU_URL"].ToString() + "'>" + drv["MENU_NAME"].ToString() + "</a></li>" + Environment.NewLine;
}
}
}
}
}
}
if (count >= 1)
{
MenuHTML += "</a></li>";
}
MenuHTML += "</ul>" + Environment.NewLine + "</ul>";
MenuHTML = MenuHTML.Replace(BaseURL + "/#", "#"); //MenuHTML.Replace("/GCTS/#", "#");
return MenuHTML;
}
catch (Exception ex)
{
if (oTBL_LOG_ERRORSEntity == null)
{
oTBL_LOG_ERRORSEntity = new TBL_LOG_ERRORSEntity();
oTBL_LOG_ERRORSEntity.FUNCTION_NAME = "RenderMenuPermissions";
oTBL_LOG_ERRORSEntity.MODULE_NAME = "PageClass";
oTBL_LOG_ERRORSEntity.ERROR_TYPE = "Application";
oTBL_LOG_ERRORSEntity.ERROR_DESC = ex.Message;
CommonDAL.InsertException(oTBL_LOG_ERRORSEntity);
oTBL_LOG_ERRORSEntity = null;
}
throw new Exception(ex.Message);
}
}
connect.php
但无论如何,正如Jens已经说过的那样,你应该使用预备语句代替mysqli_close($conn);
。