Error in mysqli_real_escape_string()?

Time: 2016-11-07 07:29:19

Tags: php mysql mysqli

Here I am creating a registration form for a new user, but I ran into a problem with mysql_real_escape_string(), so I used the alternative mysqli_real_escape_string() and tried

mysqli_real_escape_string($conn,$_POST['user_name'])

But it did not work. Here I have created a separate connect.php file (for the connection to the server and the database) to save time, and I have used

include 'connect.php';

I am not sure whether mysqli_real_escape_string($conn,$_POST['user_name']) can be used with a separate connect.php file.

connect.php

<?php
    $server='localhost';
    $username='root';
    $password='';
    $db_name='web_forum_db';

    if(!$conn=mysqli_connect($server,$username,$password))
    {
        exit('Error: could not establish database connection');
    }

    if (!mysqli_select_db($conn,$db_name))
     {
        exit('Error: could not select the database');
    }
    mysqli_close($conn);
?>

signup.php

<?php
    include 'connect.php';
    include 'header.php';
    echo '<h3>Sign up</h3>';
    if($_SERVER['REQUEST_METHOD'] !='POST')
    {
        echo '<form method="POST" action="">
        Username:<input type="text" name="user_name"/>
        Password: <input type="password" name="user_pass">
        Password again:<input type="password" name="user_pass_check">
        E-mail:<input type="email" name="user_email">
        <input type="submit" value="Add category"/>
        </form>';
    }
    else
    {
        $errors = array();/*declare the array for later use*/
        if(isset($_POST['user_name']))
        {
            //the user name exists
            if (!ctype_alnum($_POST['user_name'])) {
                $errors[]='The username can only contain letters and digits.';
            }

            if(strlen($_POST['user_name'])>30)
            {
                $errors[]='The username cannot be longer than 30 characters.';
            }
        }
        else
        {
            $errors[]='The username field must not be empty.';
        }
        if(isset($_POST['user_pass']))
        {
            if($_POST['user_pass'] !=$_POST['user_pass_check'])
            {
                $errors[]='The two passwords did not match.';
            }
        }
        else
        {
            $errors[]='The password field cannot be empty.';
        }
        if (!empty($errors))/*check for an empty array, if there are errors, they're in this array*/ {
            echo 'Uh-oh.. a couple of fields are not filled in correctly..';
            echo '<ul>';
            foreach ($errors as $key => $value)/*walk through the array so all the errors get displayed*/
             {
                echo '<li>' . $value. '</li>';/*This generates a nice error list*/
            }
            echo '</ul>';
        }
        else
        {
            $sql = "INSERT INTO users(user_name,user_pass,user_email,user_date,user_level) VALUES('".mysqli_real_escape_string($conn,$_POST['user_name'])."',
            '".sha1($_POST['user_pass'])."',
            '".mysqli_real_escape_string($conn,$_POST['user_email'])."',
            NOW(),0)";
            $result=mysqli_query($conn,$sql);

            if(!$result)
            {
                //something went wrong, display the error

                echo 'Something went wrong while registering. Please try again later.';
                //echo mysql_error(); //debugging purposes, uncomment when needed
            }
            else
            {
                echo 'Successfully registered. You can now <a href="signin.php">sign in </a> and start posting! :-)';
            }

        }
    }
    include 'footer.php';
?>

Errors displayed:

Warning: mysqli_real_escape_string(): Couldn't fetch mysqli in C:\xampp\htdocs\web_forum\signup.php on line 56

Warning: sha1() expects parameter 1 to be string, object given in C:\xampp\htdocs\web_forum\signup.php on line 57

Warning: mysqli_real_escape_string(): Couldn't fetch mysqli in C:\xampp\htdocs\web_forum\signup.php on line 58

Warning: mysqli_query(): Couldn't fetch mysqli in C:\xampp\htdocs\web_forum\signup.php on line 60

The following code is on lines 56, 57, 58 and 60:

$sql = "INSERT INTO users(user_name,user_pass,user_email,user_date,user_level) VALUES('".mysqli_real_escape_string($conn,$_POST['user_name'])."',
            '".sha1($_POST['user_pass'])."',
            '".mysqli_real_escape_string($conn,$_POST['user_email'])."',
            NOW(),0)";
            $result=mysqli_query($conn,$sql);

1 answer:

Answer 0: (score: 0)

You are closing the mysqli connection immediately after establishing it.

Just remove this line from connect.php

But anyway, as Jens has already said, you should use prepared statements instead of mysqli_close($conn);
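
The two points from the answer above, combined in one added example that is not part of the original question or answer: the connection stays open for the including script, and the INSERT uses a prepared statement instead of escaped string concatenation. The credentials, database and column names come from the question; `register_user()` is a hypothetical helper, and replacing `sha1()` with `password_hash()` assumes the `user_pass` column is wide enough for the hash.

```php
<?php
// Added example. Credentials, database and column names are taken from the
// question; register_user() is a hypothetical helper.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws on errors

// connect.php: open the connection and do NOT close it here. The including
// script still needs $conn; PHP releases it when the request ends.
$conn = mysqli_connect('localhost', 'root', '', 'web_forum_db');

function register_user(mysqli $conn, string $name, string $pass, string $email): bool
{
    // Placeholders keep user input out of the SQL text, so no escaping is needed.
    $sql = 'INSERT INTO users (user_name, user_pass, user_email, user_date, user_level)
            VALUES (?, ?, ?, NOW(), 0)';
    try {
        $stmt = mysqli_prepare($conn, $sql);
        // Swapped in for the question's sha1(): password_hash() is salted and slow.
        // Assumption: user_pass is wide enough for the result (e.g. VARCHAR(255)).
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        mysqli_stmt_bind_param($stmt, 'sss', $name, $hash, $email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        return true;
    } catch (mysqli_sql_exception $e) {
        // Log the database error server-side instead of echoing it to the visitor.
        error_log('Registration failed: ' . $e->getMessage());
        return false;
    }
}

// signup.php: call this only after the validation checks from the question pass.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = register_user(
        $conn,
        (string) ($_POST['user_name'] ?? ''),
        (string) ($_POST['user_pass'] ?? ''),
        (string) ($_POST['user_email'] ?? '')
    );
    echo $ok
        ? 'Successfully registered.'
        : 'Something went wrong while registering. Please try again later.';
}
```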