在我的所有表單中都發生了此問題。如果在描述中,用戶在那裏有和符號,頁面將顯示帶有值的INSERT語句,但不會繼續或發送電子郵件。當提交表單出現問題時,「&」在說明框中
例如:
「敏捷的棕色狐狸跳過狗&貓」將無法正常工作。
「快速的棕色狐狸跳過狗和貓」將工作。
$filename = $_GET['filename'];
$size = $_GET['filesize'];
$date = $_GET['filedate'];
$user = $loggedin_id;
$desc = mysqli_real_escape_string($dbc3, $_GET['desc']);
$type = $_GET['type'];
$ver = $_GET['ver'];
$rev = $_GET['rev'];
$sql = "SELECT lineup FROM cad_files WHERE job_num = $job_id AND file_type = '$type' ORDER BY date DESC LIMIT 1";
$result = mysqli_query($dbc3, $sql);
if(mysqli_num_rows($result) < 1){
$prev_lineup = 0;
} else {
$prev_file = mysqli_fetch_assoc($result);
$prev_lineup = $prev_file['lineup'];
}
//$type = getcadtype($type);
$job_id = getjobid($job_num, $dbc3);
$sql = "INSERT INTO cad_files(job_num, user, file_name, file_type, version, revision, date, size, description) VALUES($job_id, '$user', '$filename', '$type', '$ver', '$rev', '$date', '$size', '$desc')";
// echo $sql;
mysqli_query($dbc3, $sql) or die(mysqli_error($dbc3));
$id = mysqli_insert_id($dbc3);
我怎樣才能解決這個問題:在頁面上的一個
插入statment?
錯誤:
Warning: simplexml_load_string(): Entity: line 9: parser error : xmlParseEntityRef: no name in /home/xxxxx/public_html/main/includes/mail2.php on line 15
Warning: simplexml_load_string(): <p>Description:<br /><b>Inserts 3a & 3b modified</b></p> in /home/xxxxx/public_html/main/includes/mail2.php on line 15
Warning: simplexml_load_string():^in /home/xxxxxx/public_html/main/includes/mail2.php on line 15
Catchable fatal error: Argument 1 passed to simpleXMLToArray() must be an instance of SimpleXMLElement, boolean given, called in /home/xxxxxx/public_html/main/includes/mail2.php on line 15 and defined in /home/xxxxxx/public_html/main/includes/functions.php on line 354
可能重複的[如何防止SQL注入PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –
所有輸入在插入數據庫之前應該確保安全。如果你想在你的查詢中使用所有的值:$ _GET = array_map('mysqli_real_escape_string',$ _GET)' – Martijn
'mysqli_real_escape_string()'使用 –