1

我有一个插入句子并执行触发操作的php文件,如下所示:

    < html > <body > 
    <?php 

    $s = $_POST['sent'];
    echo "Entered sentence : $s";

    if (preg_match_all('/[^=]*=([^;@]*)/', shell_exec("/home/technoworld/Videos/LinSocket/client '$s'"), $matches)) //Values stored in ma.
    {
        $x = (int) $matches[1][0];  //optionally cast to int
        $y = (int) $matches[1][1];
    }

    $con = mysqli_connect('127.0.0.1:3306', 'root', 'root', 'test');
    if (mysqli_connect_errno()) {
        echo "Failed to connect to MySQL: ".mysqli_connect_error();
    }


//    $sql2 = "CREATE TRIGGER MysqlTrigger AFTER INSERT ON table1 FOR EACH ROW BEGIN INSERT INTO temp1(sent,pindex,nindex) VALUES (NEW.sent,".$x.",".$y.");";
    mysqli_query($con,$sql2);

    $sql1 = "INSERT INTO table1 (sent)VALUES('$_POST[sent]')";

    if (!mysqli_query($con, $sql1)) {
        die('Error: '.mysqli_error($con));
    }
    echo "1 record added";
    mysqli_close($con);

    ?>
    </html > </body >

并在mysql中触发:

DELIMITER $$

DROP TRIGGER /*!50032 IF EXISTS */ `test`.`MysqlTrigger`$$

CREATE
    /*!50017 DEFINER = 'root'@'localhost' */
    TRIGGER `MysqlTrigger` AFTER INSERT ON `table1` 
    FOR EACH ROW BEGIN
    INSERT INTO temp VALUES(New.sent,'$x','$y');
    END;
$$

DELIMITER ;

我希望 test.php 中的 $x 和 $y 应该在插入操作时插入到数据库中。NEW.sent 可以插入到现有代码中,而 x 和 y 为 0,0。

如果可能的话,我想在触发器上插入 test.php 本身的 sent,x 和 y 。

我尝试使用上面的 test.php 删除触发器部分的注释并从 mysql 数据库中删除触发器。但它仅在 temp 未更新时才在 table1 中插入句子。

4

1 回答 1

1

----------此代码容易发生SQL INJECTION(我忽略了它,因为它现在对我来说不是问题)--------- --------

如果你知道 mysql Blackhole table 的概念,这很容易做到。您创建它不存储任何值,但您可以使用它的值来执行任何其他任务。

因此,将您想要插入的任何值(变量)插入表插入以创建黑洞表。在 mysql 中,您可以像这样使用它:NEW.<variablename>

创建黑洞表:

CREATE TABLE bh_newusers (
  username varchar(255) not null,
  password varchar(255) not null,
  idn integer not null,
  patient_id integer not null,
  user_id integer not null) ENGINE = BLACKHOLE;



 My solution for main question:

    php.test:



 < html > <body > 
    <?php 
    if (!empty($_POST['insert'])) {
    echo "Insert"; echo "<br/>";
    $s = $_POST['sent'];
    $flag=0;
    echo "Entered sentence : $s";

    if (preg_match_all('/[^=]*=([^;@]*)/', shell_exec("/home/technoworld/Videos/LinSocket/client '$s'"), $matches)) //Values stored in ma.
    {
        $x = (int) $matches[1][0];  //optionally cast to int
        $y = (int) $matches[1][1];
    }

    echo "<br/>"; echo $x;
    echo "<br/>"; echo $y; echo "<br/>";

    //---------------DB stuff --------------------

    $con = mysqli_connect('127.0.0.1:3306', 'root', 'root', 'test');
    if (mysqli_connect_errno()) {
        echo "Failed to connect to MySQL: ".mysqli_connect_error();
    }

    $sql1 = "INSERT INTO table2 (id,sent,pcount,ncount,flag) VALUES('','$_POST[sent]','".$x."','".$y."','".$flag."')";

    if (!mysqli_query($con, $sql1)) {
        die('Error: '.mysqli_error($con));
    }
    echo "1 record added";
    mysqli_close($con);
    }
    // -------------------------------UPDATE --------------------------

    if (!empty($_POST['update'])) {
    echo "update";echo "<br/>";

    $s = $_POST['sent'];
    $flag=1;
    echo "Entered sentence : $s";

    if (preg_match_all('/[^=]*=([^;@]*)/', shell_exec("/home/technoworld/Videos/LinSocket/client '$s'"), $matches)) //Values stored in ma.
    {
        $x = (int) $matches[1][0];  //optionally cast to int
        $y = (int) $matches[1][1];
    }

    echo "<br/>"; echo $x;
    echo "<br/>"; echo $y; echo "<br/>";

    //---------------DB stuff --------------------

    $con = mysqli_connect('127.0.0.1:3306', 'root', 'root', 'test');
    if (mysqli_connect_errno()) {
        echo "Failed to connect to MySQL: ".mysqli_connect_error();
    }

    $sql1 = "INSERT INTO table2 (id,sent,pcount,ncount,flag)VALUES('$_POST[id]','$_POST[sent]','".$x."','".$y."','".$flag."')";

    if (!mysqli_query($con, $sql1)) {
        die('Error: '.mysqli_error($con));
    }
    echo "1 record added";
    mysqli_close($con);

    }
    ?>
    </html > </body >
于 2013-07-11T06:34:29.920 回答