1

实际上,我正在使用 XML 处理 Flash 网页。我想用 XML 创建一个使用 PHP 将数据插入到 de MySQL 数据库中的页面,但我被困住了......而且我的 XML-PHP 知识不足以完成这项工作。

这是 XML 文件:

<?xml version="1.0" encoding="utf-8"?>
<data>
<title>Sing up</title>
<request field1="user" field2="email" field3="password" field4="other">reg.php</request>
<description><![CDATA[Please sing up!]]></description>
</data>

reg PHP 文件:

        <?php

        function Reg()
        {
            if (isset($_POST['reg'])==true) {
                     require_once('db_conf.php'); 
                $user = $_POST['username'];
                $pass = sha1(strtoupper($user.':'.$_POST['password'])); 
                $email = $_POST['email'];

                $con = mysql_connect($dbhost, $dbuser, $dbpassword);

                if (!$con) 
                { 
                    die('Could not connect!'); 
                } else {
                    mysql_select_db("$logondb", $con); 

                    $sql="INSERT INTO accounts (username, sha_pass_hash, email) VALUES ('$user','$pass','$email')"; 

                    if (!mysql_query($sql,$con)) 
                    { 
                        die('Error creating account.'); 
                    } 

                    echo $succesmsg; 

                    mysql_close($con);

                } 


            } else {
?>

以及用于数据库的 PHP conf:

    <?php
$dbhost = 'localhost';

$dbuser = 'user';

$dbpassword = 'password';

// Accounts Database
$logondb = 'accounts';

$errormsg="Error creating account..";

$succesmsg="Account created!";
?>
4

1 回答 1

0

我想建议改用 PDO - 这是一种更通用的方法。然后你应该使用数据绑定来减少针对 SQL 注入的漏洞......

这应该会让你更进一步:

<?php

        function Reg()
        {
            if (isset($_POST['reg'])==true) {
                require_once('./db_conf.php'); 
                $user = $_POST['username'];
                $pass = sha1(strtoupper($user.':'.$_POST['password'])); 
                $email = $_POST['email'];

                $dsn = "mysql:host=$dbhost;dbname=$logondb";
                $pdo = new PDO($dsn,$dbuser,$dbpassword);

                if (!$pdo) 
                { 
                    die('Could not connect!'); 
                } else {
                    $sql = "INSERT INTO accounts (username, sha_pass_hash,email) VALUES (:user,:pass,:email)";
                    $stmt = $pdo->prepare($sql);
                    $res = $stmt->execute(array("user"=>$user , "pass"=>$pass , "email" => $email));
                    if (!$res) {
                        echo "Error :((<pre>";
                        var_dump($stmt->errorInfo());
                        echo "</pre>";
                    } else 
                    {
                        echo $succesmsg; 
                    }


                } 
            } else {
                echo "reg was not set - terminating...!";
            }

        }

        Reg();  // execute it!

?>
于 2013-07-17T11:01:17.597 回答