Question

我正在尝试在下面插入以下内容。当我只取字符串，MZ�\ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \0��\ 0 \0�\ 0 \ 0 \ 0，并直接将它放入insert语句，它的工作原理。但是，当我通过我的函数然后尝试插入时，我从表中选择所有内容时得到一个空集。

   if($_FILES)//check if cookies set
{
    require_once 'DBLogin.php';
    $conn = new mysqli($hn, $un, $pw, $db);
    if($conn -> connect_error) die($conn->connect_error);
    $username = $_REQUEST['uname'];
    //echo "admin: ".$_SESSION['admin']."<br>";


        if (!preg_match("/^[a-zA-Z0-9]+$/", $_POST['mname']))
        {
            echo "Invalid malware name. Only Numbers and Letters allowed". "<br>";
            exit();
        }
        else if(!isset($_SESSION['check']) || !isset($_COOKIE['token']) ||$_SESSION['check'] !== hash('ripemd128', $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['token']))
        {
            echo "Need to login as Admin before can upload files.<br>";
            exit();
        }
        else
        {
            verifyAdmin($conn);
            $fileGood = checkFile($_FILES);
            $entry = getSection($fileGood);

            $entry = chooseSanitization($conn,$entry, $_FILES['file']['type']);
            //$entry = mysql_entities_fix_string($conn,$entry);



            if(checkExistence($conn, $_POST['mname'],$entry) === true)
            {
                echo "Malware sequence and/or name already in database. Please upload different name/sequence. <br>";
                exit();
            }

            $title = $_POST['mname'];


            $insertQuery = "Insert into malwarelist (malwareName, sequence) values ('$title','$entry')";

            //$insertQuery = "Insert into malwarelist (malwareName, sequence) values ('$title','MZ�\0\0\0\0\0\0\0��\0\0�\0\0\0')";
            $conn -> query($insertQuery);

            echo "Malware has been added! <br>";
        }
    $conn->close();
}

function chooseSanitization($connection,$string, $fileType)
{
    if ($fileType === 'text/plain')
    {
        return mysql_entities_fix_string($connection,$string);
    }
    else
    {
        return mysql_fix_string($connection,$string);
    }
}

function mysql_entities_fix_string($connection, $string)
{
    return htmlentities(mysql_fix_string($connection, $string));
}
function mysql_fix_string($connection, $string)
{
    if (get_magic_quotes_gpc()) $string = stripslashes($string);
    return $connection->real_escape_string($string);
}

如果我尝试执行＆＃34;插入恶意软件列表（恶意软件名称，序列）值（＆＃39; $ title＆＃39;，＆＃39;MZ�\ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0＆＃39;）＆＃34;它有效，但如果我尝试这样做：插入恶意软件列表（恶意软件名称，序列）值（＆＃39; $ title＆＃39;，＆＃39; $ entry＆＃39;）＆＃34;。 FYI，$ entry等于MZ�\ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \0��\ 0 \0�\ 0 \ 0 \ 0，但没有插入任何内容。为什么呢？

Answer 1

您将变量title和entry直接作为字符串传递，您需要使用'。'连接变量。操作者试试这个，这可以帮助你 -

$insertQuery = "INSERT INTO malwarelist (malwareName, sequence) VALUES('".$_POST['mname'].'',''.$entry."')";
if ($conn->query($insertQuery) === TRUE) {
    echo "<br>New record successfully inserted  ".$_POST['mname'];
} else {
    echo "Error: " . $insertQuery. "<br>" . $conn->error;
}

如果发生任何错误，请将此错误评论给此答案

要更改编码，请在localhost上运行MySQl查询

ALTER TABLE malwarelist MODIFY COLUMN sequence VARCHAR(255)  
CHARACTER SET utf8 COLLATE utf8mb4_general_ci NOT NULL;

或

ALTER TABLE malwarelist MODIFY COLUMN sequence VARCHAR(255)  
    CHARACTER SET utf8 COLLATE utf8mb4_unicode_ci NOT NULL;

Answer 2

仅在下面，您不能在insert语句中添加标准。

插入恶意软件列表（恶意软件名称，序列）值（＆＃39; $ title＆＃39;，＆＃39; $ entry＆＃39;）＆＃34;;

mysql插入表不起作用

2 个答案: