问题描述:

i have some php source it can send form data info to other page under mysql 4.x version.

but after upgraded to mysql 5.x version, this php source can't send form data info to other page.

i was searched many info, but don't have idea what's wrong with my php source.

i just can guess this is related with mysql upgrade and i have to edit my php source,

but lack of knowledge it very tough for me.

if anyone help me or give some hint it really appreciate!

my php source is consist of 3 part.

form sender page ( http://pastebin.com/3Sg7SyWV )

-> submited form data info checking page ( http://pastebin.com/WEx5tEn2 )

-> insert form data to DB ( http://pastebin.com/918iZkgw )

for several day i was search and search but lack of my knowledge about php and mysql

it very hard to resolve.

Thanks in advance

网友答案:

You're not checking if your insert query succeeds. I can't tell which MySQL library you're using, but generally they all return FALSE if a query fails, so you could change your query line to something like:

$DB->ExecSql($InsertQuery) or die($DB->whatever_returns_error_information());

If something's wrong with the query, then this would abort the script and output any error information produced.

As well, it doesn't look like you're escaping your query data anywhere. That leaves you wide open to SQL injection. And as well, any of the form data which contains even a single quote (') will "break" the query by introducing syntax errors. If you had proper error checking in there, you'd have gotten a syntax error report.

For that matter, where are you extracting the submitted data and building all those variables you paste into the query? There's only one place in your three scripts where $_POST is referred to, and it seems to be in an error output function which simply dumps out each key/value as hidden form fields (and in there you're also not escaping/quoting the data, so your form itself is vulnerable to XSS attacks).

相关阅读:
Top