PHP: mysqli_real_escape_string() expects parameter 2 to be string?
Where is the problem? Can anyone tell me what went wrong?
mysqli_real_escape_string() expects parameter 2 to be string, array given
Full code:
<?php
echo '
<main><section><form method="POST" class="contact-form">
<span><i class="fas fa-info-circle"></i>contact</span>
<ul>
<li>
<i class="fa fa-user form-icon"></i>
<input type="text" placeholder="name" required name="user" />
</li>
<li>
<i class="fa fa-at form-icon"></i>
<input type="text" placeholder="email" required name="email"/>
</li>
<li>
<i class="fa fa-link form-icon"></i>
<input type="text" placeholder="link" required name="link"/>
</li>
<li>
<img class="img-capatcha" src="captcha.php">
</li>
<li>
<i class="fa fa-paper-plane form-icon"></i>
<input type="text" placeholder="captcha" required name="captcha" />
</li>
<li>
<i class="fa fa-envelope form-icon"></i>
<textarea placeholder="subject" rows="2" required name="subject"></textarea>
</li>
<li>
<input type="submit" placeholder="Submit" value="ارسال" required name="submit"/>
</li>
</ul></form>
';
//submit
if ($_POST['submit']) {
$user=mysqli_real_escape_string($con,$_POST['user']);
$email=mysqli_real_escape_string($con,$_POST['email']);
$link=mysqli_real_escape_string($con,$_POST['link']);
$subject=mysqli_real_escape_string($con,$_POST['subject']);
// required
if(!empty($_POST['user']) && !empty($_POST['email']) && !empty($_POST['link']) && !empty($_POST['subject'])){
// captcha
if (!empty($_POST["captcha"])&&$_POST["captcha"]!="" && $_SESSION["code"]==$_POST["captcha"]) {
//inserting
$sql = "INSERT INTO contact (`user`,`email`,`link`,`subject`)VALUES('$user','$email','$link','$subject')";
$result = mysqli_query($con, $sql);
if ($result) {
echo "
<div id='oops'>
<div id='succ'>
<p><i class='fas fa-check'></i>succ</p>
</div>
</div>";
}
else{
echo "
<div id='oops'>
<div id='alert'>
<p><i class='fas fa-times'></i>error in inserting</p>
</div>
</div>
";
}
}
else{
echo
"<div id='oopss'>
<div id='warning'>
<p><i class='fas fa-exclamation-circle'></i>error in captcha</p>
</div>
</div>
";
}
}
else{
echo
"<div id='oopss'>
<div id='warning'>
<p><i class='fas fa-exclamation-circle'></i>all input required </p>
</div>
</div>
";
}
}
?>
print_r($_POST) to check what you are getting. Second, $con: check where you defined this... You must protect your code against SQL injection.
Can you show your form code? Are there brackets in the name attribute of any of the form inputs? For example, ? If so, that will cause the $_POST value to be an array rather than a string.
Not just a simple form
Again, $con: where did you define this???????
$host = "localhost";
$user = "root";
$password = "123456789";
$dbname = "test";
$con = mysqli_connect($host, $user, $password,$dbname);
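The two points raised in the comments (a $_POST value can arrive as an array, and the query should be protected against SQL injection), shown as an added example that is not code from the original post. The helper names post_string, contact_fields and insert_contact and the 1000-byte length limit are assumptions; the table and column names are those of the question.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return the field only if it is a non-empty string.
// A request body such as user[]=x makes PHP build $_POST['user'] as an array,
// which is what produces "expects parameter 2 to be string, array given".
function post_string(array $post, string $key, int $maxLen = 1000): ?string
{
    $value = $post[$key] ?? null;
    if (!is_string($value)) {
        return null; // missing, or an array
    }
    $value = trim($value);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// Hypothetical helper: collect the four contact fields, or null if any is invalid.
function contact_fields(array $post): ?array
{
    $fields = [];
    foreach (['user', 'email', 'link', 'subject'] as $key) {
        $value = post_string($post, $key);
        if ($value === null) {
            return null;
        }
        $fields[$key] = $value;
    }
    return $fields;
}

// Prepared statement: the values are bound as parameters instead of being
// concatenated into the SQL text, so no escaping call is involved.
function insert_contact(mysqli $con, array $f): bool
{
    $sql = 'INSERT INTO contact (`user`, `email`, `link`, `subject`) VALUES (?, ?, ?, ?)';
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'ssss', $f['user'], $f['email'], $f['link'], $f['subject']);
    return mysqli_stmt_execute($stmt);
}

// Constructed sample inputs (not real requests): one well-formed, one with an array field.
$good = ['user' => 'ali', 'email' => 'a@example.com', 'link' => 'https://example.com', 'subject' => 'hi'];
$bad = ['user' => ['ali']] + $good;
var_dump(contact_fields($good) !== null, contact_fields($bad) !== null);
```

In the form handler, insert_contact($con, $fields) would run only when contact_fields($_POST) returns an array and the captcha check has passed.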