1. 首页
  2. 问答
  3. PHP和MySQL T_CONSTANT_ENCAPSED_STRING错误

PHP和MySQL T_CONSTANT_ENCAPSED_STRING错误

2012-01-21 38 views
-1

有人可以解释为什么会发生这种情况吗?这是完整的代码。PHP和MySQL T_CONSTANT_ENCAPSED_STRING错误

<?php 
$country = "UNKNOWN"; 
if ($_REQUEST['id'] == "register") { 
    $name = $_POST['Name']; 
    if ($_POST['Email'] == $_POST['emailrepeat']) { 
     $email = $_POST['Email']; 
    } 
    $username = $_POST['username']; 
    if ($_POST['password'] == $_POST['PasswordAgain']) { 
     $password = $_POST['password']; 
    } 
    $address = $_POST['Address']; 
    $county = $_POST['billingState']; 
    $city = $_POST['city']; 
    $zip = $_POST['Zip']; 
    $code = rand(11212,123243132); 
    mysql_connect("extraterrestrial.x10.mx","extrater","*******"); 
    mysql_select_db("extrater_keys"); 
    $moi = "VALUES ("$name","1","0","$password","$_SERVER['REMOTE_ADDR']","0","$country","0","$county","$country","$city","$email","$zip","$address","$code")"; 
    $query = "('INSERT INTO info (name, points, isvalidated, password, ip, banned, cc, paypal, state, country, city, email, fullname, zipcode, address, code)"; } 
    mail($email, "Le Prizes Confirmation E-Mail", "Thank you for registering with us! Your confirmation link is as follows. \n http://extraterrestrial.x10.mx/confirm.php?code=" + $code + " Happy Earning!"); 
header("Location: thanks.php"); 
?>

这是我的GPT流程脚本,它将注册用户。它是由我制作的。

来源

2012-01-21 Adam Orama

+0

S QL注射。 – stryba

+0

谢谢?我该如何解决这个问题,如果你能帮助确保安全,我可以让你成为我网站上的管理员! –

回答

2 
mail($email, "Le Prizes Confirmation E-Mail", "Thank you for registering with us! Your confirmation link is as follows. \n http://extraterrestrial.x10.mx/confirm.php?code=" . $code . " Happy Earning!");

试试这个第一关,你将$code而不是串联。

此外,

$moi = "VALUES ('$name','1','0','$password','" . $_SERVER['REMOTE_ADDR'] . "','0','$country','0','$county','$country','$city','$email','$zip','$address','$code')";

比你有什么以前更好的线,因为其他行有“内”转义,因此被终止每一次的字符串。

另外,我们不要忘记SQL注入!在将输入插入数据库之前对输入进行消毒。

来源

2012-01-21 20:20:41 Cyclone

+0

另外,'$ moi'也没有正确定义。这些变量实际上并没有连接到他的字符串中。 – Josh

+0

“$ moi”有什么问题? –

+0

请参阅我的编辑。 – Cyclone

0

分配给$moi时,你已经在引号(除其他事项)上伪装了。

来源

2012-01-21 20:21:53

+0

我该如何解决这个问题?我删除了什么引号? –

+0

你真的试过读你的代码吗? –

+0

不需要聪明的嘴巴。 –

1

这条线:

$moi = "VALUES ("$name","1","0","$password","$_SERVER['REMOTE_ADDR']","0","$country","0","$county","$country","$city","$email","$zip","$address","$code")";

包含解析错误。通过改变它:

$moi = "VALUES ('$name','1','0','$password','{$_SERVER['REMOTE_ADDR']}','0','$country','0','$county','$country','$city','$email','$zip','$address','$code')";

旋风分离器中提到,你也应该把它发送到你的MySQL服务器之前,净化你的数据。使用mysql_real_escape_string

http://es.php.net/manual/en/function.mysql-real-escape-string.php

,并考虑到了考虑可能使用mysqli的,而不是MySQL的太多:

http://es.php.net/manual/en/book.mysqli.php

消毒是必须的,因为你必须转义单引号'与转义字符在这些变量中,secuence':$ name,$ password,$ _SERVER ['REMOTE_ADDR'],$ country,$ county,$ city,$ email,$ zip,$ address和$ code

来源

2012-01-21 20:38:07

相关问题

 相关问题