几乎,这并没有向数据库中插入任何东西,它真的让我很着迷,我应该这样做,但事实并非如此。有任何想法吗?我似乎无法弄清楚,我也删除了最后一个变量后的逗号!我不明白。我可能不是最好的 php 或 mysqli,但我可以很好地处理自己,这不会很好。
<?php
// <!- Session Check -!> \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
require("common.php");
//
//
if(empty($_SESSION['user']))
{
//
header("Location: index.html");
//
die("Redirecting to index.html");
}
//
// <!- Session Check End -!> /////////////////////////////
// <!- Sanatizing Steps Begin -!> \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
//
//
// Function to turn single quotes and forward slashes to html characters \\
function quote2entities($string,$entities_type='number')
{
$search = array("\"","'");
$replace_by_entities_name = array(""","'");
$replace_by_entities_number = array(""","'");
$do = null;
if ($entities_type == 'number')
{
$do = str_replace($search,$replace_by_entities_number,$string); //
}
else if ($entities_type == 'name')
{
$do = str_replace($search,$replace_by_entities_name,$string);
}
else
{
$do = addslashes($string);
}
return $do;
}
//
//
//
//
// Declaring Modifying values \\
$url = $_POST['url'];
$c = $_POST['company'];
$cp = $_POST['companyproduct'];
$curl = $_POST['curl'];
$mem = $_POST['mem'];
$model = $_POST['model'];
$serial = $_POST['serialalgo'];
$method = $_POST['meth'];
$warn = $_POST['warn'];
// //
// Declaring original Values for the 3rd Sanatization Step \\
$ourl = $_POST['url'];
$oc = $_POST['company'];
$ocp = $_POST['companyproduct'];
$ocurl = $_POST['curl'];
$omem = $_POST['mem'];
$omodel = $_POST['model'];
$oserial = $_POST['serialalgo'];
$omethod = $_POST['meth'];
$owarn = $_POST['warn'];
//
//
//
//
//
// Input Sanatize 1 of 3 \\
filter_input(INPUT_GET, $c, FILTER_SANITIZE_URL);
filter_input(INPUT_GET, $mem, FILTER_SANITIZE_URL);
filter_input(INPUT_GET, $url, FILTER_SANITIZE_URL);
filter_input(INPUT_GET, $cp, FILTER_SANITIZE_URL);
filter_input(INPUT_GET, $curl, FILTER_SANITIZE_URL);
filter_input(INPUT_GET, $model, FILTER_SANITIZE_URL);
filter_input(INPUT_GET, $serial, FILTER_SANITIZE_URL);
filter_input(INPUT_GET, $warn, FILTER_SANITIZE_URL);
filter_input(INPUT_GET, $method, FILTER_SANITIZE_URL);
//
//
//
//
//
// Input Sanatize 2 of 3 \\
//if($oc != $c | $omem != $mem | $ocp != $cp )
//{ //
// Echo "Banning Account.";
//header(location: "http://cuntusa.com/");
//Die();
//}
//
//
// Input Sanatize Final of 3 \\
$c = quote2entities($c);
$mem = quote2entities($mem);
$cp = quote2entities($cp);
$curl = quote2entities($curl);
$warn = quote2entities($warn);
$method = quote2entities($method);
$url = quote2entities($url);
$model = quote2entities($model);
$serial = quote2entities($serial);
$date = date("Y-m-d H:i:s");
$postedby = $_SESSION['user']['username'];
echo $warn;
echo $serial;
//
//
//
///////// <!- Santizing Ends -!> //////////////////////////////////////////////////
////////////<!- SQLi Begin -!> \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
// ////
// ////
// ////
// Declaring Resource connection Attributes \\
$username = "=";
$password = "m=";
$host = "=rce.com";
$dbname = "=";
// ////
// ////
// Declaring a connection Varible for faster call downs. \\
$con=mysqli_connect($host,$username,$password,$dbname) or die('Error->' .mysqli_error($con));
// ////
// ////
// Checking for any errors \\
echo mysqli_error($con);
// ////
// ////
// Loading into the database \\
echo $date;
echo $c ;
$query = "INSERT INTO project (company,published,user,contacturl,model,serialalgo,members,method,warn) VALUES (
'".$c."',
'".$date."',
'".$postedby."',
'".$curl."',
'".$model."',
'".$serial."',
'".$mem."',
'".$method."',
'".$warn."',
)";
mysqli_query($con, $query);
// ////
// ////
// Closing the connection \\
mysqli_close($con);
// ////
// ////
// <!- End SQLi -!> ///////////////////////////////////////////////////////////////////////////////////////////////
?>
<!---<html>
<body>
<meta http-equiv="refresh" content="0; url=ht=php">
</body>
</html>