带有recaptcha和mysql插入错误的PHP表单
说到PHP,我不在行。我试图学习并构建一个非常好的php表单,它使用recaptcha并将数据发送到mysql。我在使用mysql函数时遇到问题。我得到了错误 语法错误,意外的“;”在testing.php的第42行 当我删除它时,它会启动其他错误。如果您有任何关于此错误的帮助,我们将不胜感激带有recaptcha和mysql插入错误的PHP表单,php,mysql,recaptcha,Php,Mysql,Recaptcha,说到PHP,我不在行。我试图学习并构建一个非常好的php表单,它使用recaptcha并将数据发送到mysql。我在使用mysql函数时遇到问题。我得到了错误 语法错误,意外的“;”在testing.php的第42行 当我删除它时,它会启动其他错误。如果您有任何关于此错误的帮助,我们将不胜感激 <?php error_reporting(E_ALL); ini_set('display_errors', 1); // keys from Google reCapt
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// keys from Google reCaptcha https://www.google.com/recaptcha/admin
$sitekey = 'site_key';
$secretkey = 'secret_key';
$alert = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$fullname;$username;$email;$message;$captcha;
if(isset($_POST['fullname']))
$fullname=$_POST['fullname'];
if(isset($_POST['username']))
$username=$_POST['username'];
if(isset($_POST['email']))
$email=$_POST['email'];
if(isset($_POST['message']))
$message=$_POST['message'];
if(isset($_POST['g-recaptcha-response']))
$captcha=$_POST['g-recaptcha-response'];
if(!$captcha)
$alert = '<div class="alert alert-warning" role="alert">Please wait until the captcha protection give you a check mark.</div>';
$response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret='.$secretkey.'&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));
if($response->success==false)
{
/* lets set the error message for the alert... */
if ($alert=='')
$alert = '<div class="alert alert-danger" role="alert">Some how you have been detected has a spammer.</div>';
}
else
{
//Connecting to sql db.
$connect = mysqli_connect("XXXX","XXXX","XXXX","XXXX");
//Sending form data to sql db.
mysqli_query($connect,"INSERT INTO pro_tools.Users (full_name, users_name, email, message)
VALUES ('$_POST[post_fullname]', '$_POST[post_username]', '$_POST[post_email]', '$_POST[post_message]')";
$alert = '<div class="alert alert-success" role="alert">Thank you for your submission!</div>';
}
}
?>
我想您这里有一个sytax错误
$response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret='.$secretkey.'&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));
我会设法解决的
$response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));
您使用“this”而不是“this”,您将它混合了起来,您的查询有点不对劲,在结束mysqli_查询时缺少了一个括号。但是,您很容易受到SQL注入的影响,因此应该使用准备好的语句
下面给出了一个例子
if ($stmt = mysqli_prepare($connect, "INSERT INTO pro_tools.Users (full_name, users_name, email, message) VALUES (?, ?, ?, ?)")) {
mysqli_stmt_bind_param($stmt, "ssss", $_POST['fullname'], $_POST['username'], $_POST['email'], $_POST['message'], );
mysqli_stmt_execute($stmt);
}
这将替换您当前的代码:
mysqli_query($connect,"INSERT INTO pro_tools.Users (full_name, users_name, email, message)
VALUES ('$_POST[post_fullname]', '$_POST[post_username]', '$_POST[post_email]', '$_POST[post_message]')";
您提到“出现了其他错误”,我们不知道这些错误是什么-如果您需要帮助,您必须告诉我们出现了哪些错误,以及这些错误出现在哪些行上(我们不知道代码中的第42行)。在生成插入查询时出现了一些语法错误:
用以下代码替换您的mysqli\u查询
$sql = "INSERT INTO pro_tools.Users (full_name, users_name, email, message)"
. "VALUES (?,?,?,?)";
$stmt = $connect->prepare($sql);
$stmt->bind_param("ssss", $_POST['post_fullname'], $_POST['post_username'], $_POST['post_email'], $_POST['post_message']);
$stmt->execute();
第42至45号线为:-
mysqli_query($connect, "INSERT INTO pro_tools.Users (full_name, users_name, email, message)
VALUES (" . $_POST['post_fullname'] . "," . $_POST['post_username'] . "," . $_POST['post_email'] . "," . $_POST['post_message'] . ")");
$alert .= "<div class='alert alert-success' role='alert'>Thank you for your submission!</div>";
mysqli\u查询($connect,“插入到pro\u tools.Users中(全名、用户名、电子邮件、消息)
值(“.$\u POST['POST\u fullname'.]”、“$\u POST['POST\u username'.]”、“$\u POST['POST\u email'.]”、“$\u POST['POST\u message'.]”);
$alert.=“感谢您的提交!";
您有语法错误并且您必须变量才能在$alert中有正确的html,这是第42行