0
我收到此錯誤消息:注意:未定義的偏移量:1在C:\ xampp \ htdocs \ evantechbd \ secure \ content \ right_cat_pr.php上在線18。我想從表中獲取news_id和cat_name。php爆炸函數錯誤
下面是HTML表單:
<?php
include "db.php";
$sql = mysql_query("SELECT * FROM news_cat");
?>
<form action="right_cat_pr.php" method="post" name="right_cat">
<table width="400" border="0" cellspacing="5" cellpadding="5">
<tr>
<td>News Category Name</td>
<td>
<select name="cat_name">
<?php
while($row = mysql_fetch_assoc($sql))
{
$new_id = $row['news_id'];
$cat_name = $row['cat_name'];
?>
<option "<?php echo $row['news_id'] . '|' . $row['cat_name'] ?>"><?php echo
$row['cat_name']; ?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Submit" name="submit"></td>
</tr>
</table>
</form>
這裏是進程頁:
<?php
include "db.php";
$row = explode('|', $_POST['cat_name']);
$news_id = $row[0]; // cat_id
$cat_name = $row[1];
$query = mysql_query("INSERT INTO right_cat VALUES ('','$news_id','$cat_name')");
if($query)
{
echo "Successfully Inserted your News Category<br/>";
}
else
{
echo "Something is wrong to Upload";
}
?>
期權價值不相關的問題,但是你有一個SQL注入漏洞。 'INSERT INTO right_cat VALUES('','$ news_id','$ cat_name')',如果$ news_id是'ffff')會發生什麼情況? DROP * FROM *; - '? – Seventoes
@Seventoes +1對拒絕引用Little Bobby Tables的衝動的評論:) ...對於問題...錯誤消息意味着您引用了第18行中不存在的數組鍵。如果你不能100%確定數組鍵是否存在,你應該在引用它之前檢查它是否與'empty'或'isset'一致。 – rdlowrey
謝謝@Seventoes。那麼,我應該怎麼做,以防止SQL注入? –