
I am using the Allow PHP in Post and Pages plugin in WordPress, through which I integrated a form

Warning: mysql_real_escape_string(): 21 is not a valid MySQL-Link resource in ..wp-includes\wp-db.php on line 789

Warning: mysql_error(): 21 is not a valid MySQL-Link resource in ..wp-includes\wp-db.php on line 1102

My form code is here

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("form", $con);
$sql="INSERT INTO data (consignor,consignee, conveyance, origin, entry_port, importing_country, container_no, package_no, package_type, product_name, bot_name, quantity, certify, add_declaration, date,treatment, duration_temprature, concentration, add_information, inspector_name, place, name_designation, issue_date)
VALUES
('$_POST[exporter]', '$_POST[importer]', '$_POST[conveyance]', '$_POST[origin]', '$_POST[dpoe]', '$_POST[impcon]', '$_POST[container]', '$_POST[nopk]', '$_POST[tyop]', '$_POST[name]', '$_POST[botname]', '$_POST[quantity]', '$_POST[certify]', '$_POST[declaration]', '$_POST[date]', '$_POST[treatment]', '$_POST[dutemp]', '$_POST[concen]', '$_POST[adinfo]', '$_POST[insname]', '$_POST[place]', '$_POST[namedesg]', '$_POST[dateissue]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Form Submitted";

mysql_close($con);
?>
<form action="#" method="post">
<table height ="200px" width="676" border="1" cellspacing="0" cellpadding="0">

<tr>
<td colspan="7" valign="top" width="676"> 
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">1. Exporter/Consignor (Name & Address)<br/>
<input type="text" name="exporter" />
</td>
<td colspan="4" valign="top" width="356">2. Importer/Consignee (Name & Address)
 <input type="text" name="importer" />
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">3. Declared means of conveyance
<input type="text" name="conveyance" /></td>
<td colspan="4" valign="top" width="356">4. Place of Origin<br/>
<input type="text" name="origin" /></td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">5. Declared Port of entry<br/>
<input type="text" name="dpoe" /></td>
<td colspan="4" valign="top" width="356">6. Department of Plant Protection of Pakistan To Plant Protection Organization Of (importing country)<br/>
<input type="text" name="impcon" />
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">7. Distinguishing marks/Container No./ Seal No.<br/>
<input type="text" name="container" /></td>
<td colspan="3" valign="top" width="172">8. No. of Packages<br/>
<input type="text" name="nopk" />
</td>
<td valign="top" width="184">9. Type of packages<br/>
<input type="text" name="tyop" /></td>
</tr>
<tr>
<td valign="top" width="221">10. Name of Product<br/>
<input type="text" name="name" /></td>
<td colspan="4" valign="top" width="233">11. Botanical name of plant
<br/>
<input type="text" name="botname" />
</td>
<td colspan="2" valign="top" width="221">12. Quantity<br/>
<input type="text" name="quantity" /></td>
</tr>
<tr>
<td colspan="7" valign="top" width="676">13. This is to certify that the plants, plant products or other regulated articles described herein above have been inspected and/ or tested according to appropriate official procedures and are considered to be free from the quarantine pests, specified by the importing contracting party and to conform with the current phytosanitary requirements  of the importing contracting party including those for regulated non-quarantine pests.<br/>
<input type="checkbox" name="certify" value="Yes"/> Yes
<input type="checkbox" name="certify" value="No"/> No<br/>
 </td>
</tr>
<tr>
<td colspan="7" valign="top" width="676">14. Additional Declaration
<br/>
<textarea name="declaration" cols="40" rows="2">Please limit your response to 200 characters.</textarea><br />
</td>
</tr>
<tr>
<td colspan="7" valign="top" width="676" bgcolor="grey">
<p align="center"><strong>Disinfestations and / or disinfection treatment </strong></p>
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">15. Date
<br/>
<input type="text" name="date" /></td>
<td colspan="4" valign="top" width="356">16. Treatment<br/>
<input type="text" name="treatment" /></td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">17. Duration & Temperature
<br/>
<input type="text" name="dutemp" />
</td>
<td colspan="4" valign="top" width="356">18. Concentration<br/>
<input type="text" name="concen" /></td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">19. Additional Information
<br/>
<textarea name="adinfo" cols="40" rows="2">Please limit your response to 200 characters.</textarea><br />
</td>
<td colspan="4" valign="top" width="356">20. Name of Inspector<br/>
<input type="text" name="insname" /></td>
</tr>
<tr>
<td colspan="2" valign="top" width="240">21. Stamps of Organization
<br></br><br></br>
 </td>
<td rowspan="2" colspan="2" valign="top" width="168">
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong>PROGRESSIVE </strong></p>
</td>
<td rowspan="2" colspan="3" valign="top" width="340">23. Place of issue<br/>
<input type="text" name="place" /><br/>
24. Signature__________________________<br/><br></br>
25. Name and designation of authorized officer
<input type="text" name="namedesg" /> <br/><br/>
26. Date <br/>
<input type="text" name="dateissue" /></td>
</tr>
<tr>
<td colspan="2" valign="top" width="240">22. No financial liability with respect to this certificate shall attach to department of plant protection or to any of its officers or representatives
<br></br></td>
</tr>
<tr>
<td width="221" border="0"></td>
<td width="19"></td>
<td width="80"></td>
<td width="48"><input type="submit" value="Submit Form" /></td>
<td width="47"><input type="reset" value="Reset" /></td>
<td width="137"></td>
<td width="220"></td>
</tr>
<tr><td></td>
<td></td>
<td></td>
<td align="right"></td>
</tr>
</table>
</form>
</html>
1 Answer

In WordPress, you can't call the database using the plain mysql functions. You need to call the database through

global $wpdb;

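For more examples, see this link: http://codex.wordpress.org/Class_Reference/wpdb

EDIT

Try changing your PHP calling code to something like this.

EDIT 2

Added some code to protect against SQL attacks. Basically, put them into variables and escape them.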

<?php
// No need to connect to or close the db; wpdb does it automatically.
// The database MUST be the same as the WordPress database; only the tables differ.
global $wpdb;

// Protect your code from attacks: read each field into a variable first.
// $wpdb->insert() escapes the values itself and expects them raw, so the
// deprecated $wpdb->escape() is not called here (it would escape them twice).
// wp_unslash() removes the slashes WordPress adds to $_POST.
$exporter   = isset($_POST['exporter'])   ? wp_unslash($_POST['exporter'])   : '';
$importer   = isset($_POST['importer'])   ? wp_unslash($_POST['importer'])   : '';
$conveyance = isset($_POST['conveyance']) ? wp_unslash($_POST['conveyance']) : '';
//....
$dateissue  = isset($_POST['dateissue'])  ? wp_unslash($_POST['dateissue'])  : '';

if (!$wpdb->insert('data',
        array(
            'consignor'  => $exporter,
            'consignee'  => $importer,
            'conveyance' => $conveyance,
            //...
            'issue_date' => $dateissue,
        ))) {
    exit;
} else {
    echo 'Form Submitted';
}
?>
answered 2012-11-28T07:13:34.463
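
The approach in the answer above, written out for all 23 fields of the question's form as an added example (not the answerer's code): it pairs each POST field with its column as the question's INSERT does and lets `$wpdb->insert()` handle escaping. It assumes it runs inside WordPress; `CERT_FIELDS`, `cert_row_from_post()` and `cert_save()` are hypothetical names.

```php
<?php
// Added example. Assumes WordPress is loaded, so $wpdb, wp_unslash() and
// sanitize_text_field() exist. CERT_FIELDS and the cert_* names are hypothetical.
// POST field => column of `data`, paired as in the question's INSERT.
const CERT_FIELDS = [
    'exporter' => 'consignor',         'importer' => 'consignee',
    'conveyance' => 'conveyance',      'origin' => 'origin',
    'dpoe' => 'entry_port',            'impcon' => 'importing_country',
    'container' => 'container_no',     'nopk' => 'package_no',
    'tyop' => 'package_type',          'name' => 'product_name',
    'botname' => 'bot_name',           'quantity' => 'quantity',
    'certify' => 'certify',            'declaration' => 'add_declaration',
    'date' => 'date',                  'treatment' => 'treatment',
    'dutemp' => 'duration_temprature', 'concen' => 'concentration',
    'adinfo' => 'add_information',     'insname' => 'inspector_name',
    'place' => 'place',                'namedesg' => 'name_designation',
    'dateissue' => 'issue_date',
];

function cert_row_from_post(array $post) {
    $row = [];
    foreach (CERT_FIELDS as $field => $column) {
        // Missing fields and array-valued input (exporter[]=x) become ''.
        $value = (isset($post[$field]) && is_string($post[$field])) ? $post[$field] : '';
        // WordPress adds slashes to $_POST; strip them, then drop tags and line breaks.
        $row[$column] = sanitize_text_field(wp_unslash($value));
    }
    // Both "certify" checkboxes share one name; accept only the form's two values.
    if (!in_array($row['certify'], ['Yes', 'No'], true)) {
        $row['certify'] = '';
    }
    // The form asks for at most 200 characters in its two textareas.
    foreach (['add_declaration', 'add_information'] as $column) {
        $row[$column] = mb_substr($row[$column], 0, 200);
    }
    return $row;
}

function cert_save(array $post) {
    global $wpdb;
    $row = cert_row_from_post($post);
    // One %s per column: wpdb escapes each value as a string; nothing is concatenated by hand.
    return false !== $wpdb->insert('data', $row, array_fill(0, count($row), '%s'));
}

// Insert only on submission, not on every page view.
if (isset($_SERVER['REQUEST_METHOD']) && 'POST' === $_SERVER['REQUEST_METHOD']) {
    echo cert_save($_POST) ? 'Form Submitted' : 'Could not save the form.';
}
```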