Fatal编程技术网
  • php/
  • Php mysqli_real_escape_string()希望参数2是字符串?

Php mysqli_real_escape_string()希望参数2是字符串?

php

Php mysqli_real_escape_string()希望参数2是字符串?,php,Php,问题在哪里?有人能告诉我哪里出了问题吗 mysqli_real_escape_string()要求参数2为字符串、数组 屈服于 完整代码 <?php echo ' <main><section><form method="POST" class="contact-form"> <span><i class="fas fa-info-circle"></i>contact</span> <ul

问题在哪里?有人能告诉我哪里出了问题吗

mysqli_real_escape_string()要求参数2为字符串、数组 屈服于

完整代码

 <?php
echo '
<main><section><form method="POST" class="contact-form">
  <span><i class="fas fa-info-circle"></i>contact</span>
  <ul>
    <li>
      <i class="fa fa-user form-icon"></i>
      <input type="text" placeholder="name" required name="user" />
    </li>
    <li>
      <i class="fa fa-at form-icon"></i>
      <input type="text" placeholder="email" required  name="email"/>
    </li>
    <li>
      <i class="fa fa-link form-icon"></i>
      <input type="text" placeholder="link" required name="link"/>
    </li>
    <li>
      <img class="img-capatcha" src="captcha.php">
    </li>
    <li>
      <i class="fa fa-paper-plane form-icon"></i>
      <input type="text" placeholder="captcha" required name="captcha" />
    </li>
    <li>
      <i class="fa fa-envelope form-icon"></i>
      <textarea placeholder="subject" rows="2" required name="subject"></textarea>
    </li>
    <li>
      <input type="submit" placeholder="Submit" value="ارسال" required name="submit"/>
    </li>
  </ul></form>
  ';
//submit
    if ($_POST['submit']) {
    $user=mysqli_real_escape_string($con,$_POST['user']);
    $email=mysqli_real_escape_string($con,$_POST['email']);
    $link=mysqli_real_escape_string($con,$_POST['link']);
    $subject=mysqli_real_escape_string($con,$_POST['subject']);
        // required
    if(!empty($_POST['user']) && !empty($_POST['email']) && !empty($_POST['link']) && !empty($_POST['subject'])){
        // captcha
    if (!empty($_POST["captcha"])&&$_POST["captcha"]!="" && $_SESSION["code"]==$_POST["captcha"]) {
        //inserting
    $sql = "INSERT INTO contact (`user`,`email`,`link`,`subject`)VALUES('$user','$email','$link','$subject')";
    $result = mysqli_query($con, $sql);
    if ($result) {
    echo "
    <div id='oops'>
      <div id='succ'>
        <p><i class='fas fa-check'></i>succ</p>
      </div>
    </div>";
    }
    else{
    echo "
    <div id='oops'>
      <div id='alert'>
        <p><i class='fas fa-times'></i>error in inserting</p>
      </div>
    </div>
    ";
    }
    }
    else{
    echo
    "<div id='oopss'>
      <div id='warning'>
        <p><i class='fas fa-exclamation-circle'></i>error in captcha</p>
      </div>
    </div>
    ";
    }
    }
    else{
    echo
    "<div id='oopss'>
      <div id='warning'>
        <p><i class='fas fa-exclamation-circle'></i>all input required  </p>
      </div>
    </div>
    ";
    }
    }
    ?>
打印($\u POST)检查您得到了什么,第二个
$con
检查您在哪里定义了这个。。。您必须使用SQL注入阻止您的代码。您能显示您的表单代码吗?在任何表单输入的
name
属性中是否有括号?比如,
?如果是这样,这将导致
$\u POST
值成为一个数组而不是一个字符串。不仅仅是简单的formagain,
$con
在您定义这个的地方???????打印($\u POST)检查您得到了什么,第二个
$con
检查您在哪里定义了这个。。。您必须使用SQL注入阻止您的代码。您能显示您的表单代码吗?在任何表单输入的
name
属性中是否有括号?比如,
?如果是这样的话,这将导致
$\u POST
值是一个数组而不是一个字符串。不仅仅是简单的formagain,
$con
在您定义它的地方?????????? 
 <?php
echo '
<main><section><form method="POST" class="contact-form">
  <span><i class="fas fa-info-circle"></i>contact</span>
  <ul>
    <li>
      <i class="fa fa-user form-icon"></i>
      <input type="text" placeholder="name" required name="user" />
    </li>
    <li>
      <i class="fa fa-at form-icon"></i>
      <input type="text" placeholder="email" required  name="email"/>
    </li>
    <li>
      <i class="fa fa-link form-icon"></i>
      <input type="text" placeholder="link" required name="link"/>
    </li>
    <li>
      <img class="img-capatcha" src="captcha.php">
    </li>
    <li>
      <i class="fa fa-paper-plane form-icon"></i>
      <input type="text" placeholder="captcha" required name="captcha" />
    </li>
    <li>
      <i class="fa fa-envelope form-icon"></i>
      <textarea placeholder="subject" rows="2" required name="subject"></textarea>
    </li>
    <li>
      <input type="submit" placeholder="Submit" value="ارسال" required name="submit"/>
    </li>
  </ul></form>
  ';
//submit
    if ($_POST['submit']) {
    $user=mysqli_real_escape_string($con,$_POST['user']);
    $email=mysqli_real_escape_string($con,$_POST['email']);
    $link=mysqli_real_escape_string($con,$_POST['link']);
    $subject=mysqli_real_escape_string($con,$_POST['subject']);
        // required
    if(!empty($_POST['user']) && !empty($_POST['email']) && !empty($_POST['link']) && !empty($_POST['subject'])){
        // captcha
    if (!empty($_POST["captcha"])&&$_POST["captcha"]!="" && $_SESSION["code"]==$_POST["captcha"]) {
        //inserting
    $sql = "INSERT INTO contact (`user`,`email`,`link`,`subject`)VALUES('$user','$email','$link','$subject')";
    $result = mysqli_query($con, $sql);
    if ($result) {
    echo "
    <div id='oops'>
      <div id='succ'>
        <p><i class='fas fa-check'></i>succ</p>
      </div>
    </div>";
    }
    else{
    echo "
    <div id='oops'>
      <div id='alert'>
        <p><i class='fas fa-times'></i>error in inserting</p>
      </div>
    </div>
    ";
    }
    }
    else{
    echo
    "<div id='oopss'>
      <div id='warning'>
        <p><i class='fas fa-exclamation-circle'></i>error in captcha</p>
      </div>
    </div>
    ";
    }
    }
    else{
    echo
    "<div id='oopss'>
      <div id='warning'>
        <p><i class='fas fa-exclamation-circle'></i>all input required  </p>
      </div>
    </div>
    ";
    }
    }
    ?>

$host = "localhost"; 
$user = "root"; 
$password = "123456789"; 
$dbname = "test";
$con = mysqli_connect($host, $user, $password,$dbname);