PHP和MySQL T_CONSTANT_ENCAPSED_STRING错误

时间:2012-01-21 20:18:31

标签: php mysql token

有人可以解释为什么会这样吗?这是完整的代码。

<?php
$country = "UNKNOWN";
if ($_REQUEST['id'] == "register") {
    $name = $_POST['Name'];
    if ($_POST['Email'] == $_POST['emailrepeat']) {
        $email = $_POST['Email'];
    }
    $username = $_POST['username'];
    if ($_POST['password'] == $_POST['PasswordAgain']) {
        $password = $_POST['password'];
    }
    $address = $_POST['Address'];
    $county = $_POST['billingState'];
    $city = $_POST['city'];
    $zip = $_POST['Zip'];
    $code = rand(11212,123243132);
    mysql_connect("extraterrestrial.x10.mx","extrater","*******");
    mysql_select_db("extrater_keys");
    $moi = "VALUES ("$name","1","0","$password","$_SERVER['REMOTE_ADDR']","0","$country","0","$county","$country","$city","$email","$zip","$address","$code")";
    $query = "('INSERT INTO info (name, points, isvalidated, password, ip, banned, cc, paypal, state, country, city, email, fullname, zipcode, address, code)"; }
    mail($email, "Le Prizes Confirmation E-Mail", "Thank you for registering with us! Your confirmation link is as follows. \n http://extraterrestrial.x10.mx/confirm.php?code=" + $code + " Happy Earning!");
header( "Location: thanks.php" );
?>

这是我的GPT流程脚本,它将注册用户。它是由我制作的。

3 个答案:

答案 0 :(得分:2)

mail($email, "Le Prizes Confirmation E-Mail", "Thank you for registering with us! Your confirmation link is as follows. \n http://extraterrestrial.x10.mx/confirm.php?code=" . $code . " Happy Earning!");

首先尝试关闭,您要添加$code而不是连接。

此外,

$moi = "VALUES ('$name','1','0','$password','" . $_SERVER['REMOTE_ADDR'] . "','0','$country','0','$county','$country','$city','$email','$zip','$address','$code')";

是一个比以前更好的线,因为另一条线在“内部”没有转义,因此每次都会终止该字符串。

另外,让我们不要忘记SQL注入!在将输入插入数据库之前清理输入。

答案 1 :(得分:1)

这一行:

$moi = "VALUES ("$name","1","0","$password","$_SERVER['REMOTE_ADDR']","0","$country","0","$county","$country","$city","$email","$zip","$address","$code")";

包含解析错误。改变它:

$moi = "VALUES ('$name','1','0','$password','{$_SERVER['REMOTE_ADDR']}','0','$country','0','$county','$country','$city','$email','$zip','$address','$code')";

正如Cyclone所提到的,你还应该在将数据发送到mysql服务器之前对其进行清理。使用mysql_real_escape_string

http://es.php.net/manual/en/function.mysql-real-escape-string.php

并考虑使用mysqli而不是mysql的可能性:

http://es.php.net/manual/en/book.mysqli.php

清理是强制性的,因为你必须在这些变量中使用转义字符secuence来逃避单引号:$ name,$ password,$ _SERVER ['REMOTE_ADDR'],$ country,$ county,$ city,$ email ,$ zip,$ address和$ code

答案 2 :(得分:0)

在分配给$moi时,您已经对引号(以及其他内容)进行了评论。

相关问题
最新问题