我有一個簡單的表單,可以在我的服務器上的表中插入數據。我設置了一個特殊用戶來處理這個問題,只有插入權限。我收到連接和語法錯誤。SQL語法錯誤,連接問題簡單表格PHP
這裏是我的形式:
<form id="form1" name="form1" method="post" action="mailform.php" onsubmit="return validateForm();">
<input type="text" id="First" maxlength="100" autocorrect placeholder="First name" />
<input type="text" id="Last" maxlength="100" autocorrect placeholder="Last name" />
<input type="text" id="Email" maxlength="100" autocorrect placeholder="Email address" />
<select name="SalesPerson">
<option value="SP1">SP1</option>
<option value="SP2">SP2</option>
<option value="SP3">SP3</option>
</select>
<select name="Show">
<option value="Show1">Show1</option>
<option value="Show2">Show2</option>
</select>
<button type="submit" id="submit" class="oneup">Submit</button>
</form>
上並且在mailform.php我們:
<?php
$name = "xxx_xxx";
$name = mysql_real_escape_string($name);
$SQL = "SELECT * FROM users WHERE username = '$name'";
$con = mysql_connect("localhost","xxx_xxx","xxxxxxxxx");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("xxx_x", $con);
$sql="INSERT INTO email_signup (First, Last, Email, SalesPerson, Show)
VALUES
('$_POST[First]','$_POST[Last]','$_POST[Email]','$_POST[SalesPerson]','$_POST[Show]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con)
?>
而這裏的錯誤 -
Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: Access denied for user 'xxx'@'localhost' (using password: NO) in <b>.../mailform.php</b> on line 28
Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in <b>.../mailform.php</b> on line 28 Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Show) VALUES ('','','','SP1','Show1')' at line 1
任何想法爲什麼我遇到連接問題?我有一個幾乎相同的形式在另一個地方設置,工作得很好。
** WARNING ** - 你的代碼是SQL注入攻擊非常敏感。 – 2012-02-20 19:41:57
你必須連接到數據庫才能使用'mysql_real_escape_string':http://www.php.net/manual/pl/function.mysql-real-escape-string.php看看第一個註釋。 – 2012-02-20 19:44:49
@Daneil A. White是的,我還有一些代碼可以通過篩選出易受影響的字符來防止這種情況發生。 – blackessej 2012-02-20 19:45:46