我只是一個初學者,我的代碼出了什麼問題,我試圖對此進行試驗,以便我要創建的網頁不會受到mysql注入的攻擊。什麼是這樣做的正確方法:試圖創建一個mysql注入證明腳本
<?php
$host="localhost";
$username="root";
$password="";
$db_name="testing";
$tbl="hospital";
$connection=mysql_connect($host, $username, $password) or die("cannot connect!");
mysql_select_db($db_name, $connection) or die("cannot select db!");
$LASTNAME = $_POST[lname];
$FIRSTNAME = $_POST[fname];
$FIRSTNAME=(isset($_POST['fname']||trim($_POST['fname'])=="")?die('Error:Enter Firstname!')
mysql_escape_string(trim($_POST['fname']));
$sqlque="INSERT INTO hospital (LASTNAME, FIRSTNAME)
VALUES ('$LASTNAME', '$FIRSTNAME')";
if (!mysql_query($sqlque,$con))
{
die('Error: ' . mysql_error());
}
echo "<script>alert('Record successfully added!')</script>";
mysql_close($con)
?>
這裏的錯誤,請幫忙,謝謝:
Parse error: parse error, expecting `','' or `')'' in C:\wamp\www\sql injection check\aisaction.php on line 20
您在第一個isset上缺少一個paren。 (isset($ _ POST [ 'FNAME'] **)** ||修剪($ _ POST [ 'FNAME'])== 「」) – 2010-03-02 01:40:45