1

我没有解决 PHP 中撇号的问题,当我每次播种时在我的文本字段中输入撇号(')时(语法错误,意外的 T_STRING)这就是我的代码:请有人以简单的方式帮助我,谢谢.

注册.php

<?php
session_start();
?>
<div id="reg">
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
    echo '<ul class="err">';
    foreach($_SESSION['ERRMSG_ARR'] as $msg) {
        echo '<li>',$msg,'</li>'; 
    }
    echo '</ul>';
    unset($_SESSION['ERRMSG_ARR']);
}
?>
<html>
<head>
</head>
<body>
<form action='register-exec.php' method='post' enctype='multipart/form-data' name='loginForm' id='loginForm'>
<table width='629' height='211' border='0' align='center' cellpadding='1' cellspacing='0'>
<tr>
<th align='left'>First Name :</th>
<td><input name='fname' type='text' class='textfield' id='fname' /></td>
</tr>
<tr>
<th align='left'>Last Name :</th>
<td><input name='lname' type='text' class='textfield' id='lname' /></td>
</tr>
<tr>
<th align='left'>Email :</th>
<td><input name='email' type='text' class='textfield' id='email'  /></td>
</tr>
<tr>
<th width='166' align='left'>UserName :</th>
<td width='459'><input name='login' type='text' class='textfield' id='login'  /></td>
</tr>
<tr>
<th align='left'>Password :</th>
<td><input name='password' type='password' class='textfield' id='password'  /></td>
</tr>
<tr>
<th align='left'>Confirm Password :</th>
<td><input name='cpassword' type='password' class='textfield' id='cpassword'  /></td>
</tr>
<tr>
<td>Country :</td>
<td><select name='country' id='country'>
  <option value='' selected></option>
        <option value='San Marino'>San Marino</option>
        <option value='Saudi Arabia'>Saudi Arabia</option>
         <option value='Seychelles'>Seychelles</option>
         <option value='Singapore'>Singapore</option>
         <option value='Slovakia'>Slovakia</option>
        <option value='Slovenia'>Slovenia</option>
       <option value='Solomon Islands'>Solomon Islands</option>
      <option value='South Africa'>South Africa</option>
      <option value='Spain'>Spain</option>
      <option value='Sri Lanka'>Sri Lanka</option>
     <option value='St.Pierre and Miquelon'>St.Pierre and Miquelon</option>
       <option value='St.Vincent and the Grenadines'>St.Vincent and the Grenadines</option>
          <option value='Sweden'>Sweden</option>
         <option value='Switzerland'>Switzerland</option>
        <option value='Syria'>Syria</option>
         <option value='Taiwan '>Taiwan </option>
         <option value='Tajikistan'>Tajikistan</option>
         <option value='Thailand'>Thailand</option>
         <option value='Trinidad and Tobago'>Trinidad and Tobago</option>
         <option value='Turkey'>Turkey</option>
         <option value='Turkmenistan'>Turkmenistan</option>
         <option value='Turks and Caicos Islands'>Turks and Caicos Islands</option>
         <option value='Ukraine'>Ukraine</option>
         <option value='UAE'>UAE</option>
         <option value='UK'>UK</option>
        <option value='USA'>USA</option>
       <option value='Uruguay'>Uruguay</option>
      <option value='Uzbekistan'>Uzbekistan</option>
     <option value='Vanuatu'>Vanuatu</option>
    <option value='Vatican City'>Vatican City</option>
   <option value='Vietnam'>Vietnam</option>
   <option value='Virgin Islands (GB)'>Virgin Islands (GB)</option>
  <option value='Virgin Islands (U.S.) '>Virgin Islands (U.S.) </option>
  <option value='Wallis and Futuna Islands'>Wallis and Futuna Islands</option>
  <option value='Yemen'>Yemen</option>
 <option value='Yugoslavia'>Yugoslavia</option>
</select></td>
</tr>
<tr>
<td>City :</td>
<td><input name='city' type='text' class='textfield' id='city'  /></td>
</tr>
<tr>
<td>Upload Image :</td>
<td>        <input type='file' name='image' id='image' />
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type='submit' name='Submit' value='Register' /></td>
</tr>
</table>
</form>
</div>
</body>
</html>

注册-exec.php

<?php
//Start session
session_start();

//Include database connection details
require_once('config2.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$fname = clean($_POST['fname']);
$lname = clean($_POST['lname']);
$email = clean($_POST['email']);
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);
$country = clean($_POST['country']);
$city = clean($_POST['city']);

//Input Validations
if($fname == '') {
    $errmsg_arr[] = 'First name missing';
    $errflag = true;
}
if($lname == '') {
    $errmsg_arr[] = 'Last name missing';
    $errflag = true;
}
if($email == '') {
    $errmsg_arr[] = 'Email missing';
    $errflag = true;
}
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
if($cpassword == '') {
    $errmsg_arr[] = 'Confirm password missing';
    $errflag = true;
}
if($country == '') {
    $errmsg_arr[] = 'Country is missing';
    $errflag = true;
}
if($city == '') {
    $errmsg_arr[] = 'City is mising';
    $errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
    $errmsg_arr[] = 'Passwords do not match';
    $errflag = true;
}

//Check for duplicate email
if($email != '') {
    $qry = "SELECT * FROM members WHERE email='$email'";
    $result = mysql_query($qry);
    if($result) {
        if(mysql_num_rows($result) > 0) {
            $errmsg_arr[] = 'Email ID already in use';
            $errflag = true;
        }
        @mysql_free_result($result);
    }
    else {
        die("Query failed");
    }
}

//Check for duplicate login ID
if($login != '') {
    $qry = "SELECT * FROM members WHERE login='$login'";
    $result = mysql_query($qry);
    if($result) {
        if(mysql_num_rows($result) > 0) {
            $errmsg_arr[] = 'Login ID already in use';
            $errflag = true;
        }
        @mysql_free_result($result);
    }
    else {
        die("Query failed");
    }
}

//If there are input validations, redirect back to the registration form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: index.php?page=register");
    exit();
}

// Variable for hours
$hourdiff = "5"; // hours difference between server time and local time

// Nothing needs to be changed below here unless you want to change
// the format of the date (see above for URL of options) or your local
// time is behind the server time
$timeadjust = ($hourdiff * 3600);
$melbdate = date("l, d M Y h:i:s a",time() + $timeadjust);
echo $melbdate;

// Generates activation code simple 4 digit number
$activ_code = rand(1000,9999);

$email = $_POST['email'];
$login = $_POST['login'];

//Ip Address Varified
$http_client_ip = $_SERVER['HTTP_CLIENT_IP'];
$http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remote_addr = $_SERVER['REMOTE_ADDR'];

if (!empty($http_client_ip)) {
$ip_address = $http_client_ip;
}elseif (!empty($http_x_forwarded_for)) {
$ip_address = $http_x_forwarded_for;
}else {
$ip_address = $remote_addr;
}

$ip_address = $ip_address;


//Image upload

$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name = addslashes($_FILES['image']['name']);
$image_size = getimagesize($_FILES['image']['tmp_name']);


//Create INSERT query
$qry = "INSERT INTO members(firstname, lastname, email, login, passwd,country,city,time,ip,name,image,activation_code) VALUES('$fname','$lname','$email','$login','".($_POST['password'])."','$country','$city','$melbdate','$ip_address','$image_name','$image','$activ_code')";
$result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    header("location: register-success.php");
    exit();
}else {
    die("Query failed");
}
?>
4

1 回答 1

1

在你的function clean($str)问题在那里,你可以删除这个功能并添加mysql_real_escape_string()到每个$_POST[]这样的:

$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$login = mysql_real_escape_string($_POST['login']);
$password = mysql_real_escape_string($_POST['password']);
$cpassword = mysql_real_escape_string($_POST['cpassword']);
$country = mysql_real_escape_string($_POST['country']);
$city = mysql_real_escape_string($_POST['city']);

我认为这会奏效。

于 2015-06-12T18:51:30.937 回答