Ok, so when I wrote a register.php script and tries to execute the command I have an unexpected t The variable is obtained. Error is located on line 15
('$ _ post [user name]', '$ _ post [sha_pass_hash]', '$ _ post [email]', '2') "; I also have a second line in my sentence composition die> ('error:' mysql_error ( );; If someone can help you, it will be highly appreciated. Thanks in advance.
stop
insert a bad idea into a database directly from the post This is the reason why it is always stuck with a very unimaginable magic quote in PHP.
You should be on very low mysql_real_escape_string () to avoid your data For example:
$ link = mysql_connect ('mysql_host', 'mysql_user', 'mysql_password') or die (mysql_error ()); $ Query = "included in user values ('". Mysql_real_escape_string ($ _ POST [" user name "])."', '".mysql_real_escape_string ($ _ POST [" sha_pass_hash "]). "','". Mysql_real_escape_string ($ _POST ["Email"]). "',' 2 ')"; I ysql_query ($ query); The reason you do this is security based, for example if you set some malicious user name fields to ';); Drop Table Users; You can blindly run the following queries without first avoiding your data: Enter user values (''); Drop Table Users; Which is not going to be good for your application at all.
This is the minimum you should do. In fact, you should actually move forward which is a more modern MySQL interface. Here's an example
$ mysqli = new mysqli ('mysql_host', 'mysql_user', 'Mysql_password', 'mysql_database'); $ Query = "Include in user values ('$ mysqli- & gt; real_escape_string ($ _ POST [" user name "])."', '". $ Mysqli- & gt; real_escape_string ($ _ POST [" Sha_pass_hash "]." ''. $ Mysqli- & gt; real_cape_string ($ _ POST ["email"]). '', '2') "; $ Mysqli- & gt; query ($ query); You can also use MySQL in a procedural style, so if object-oriented programming is not accessible to you, then there will be no problem with MySQLi.
Hope that helps.
Comments
Post a Comment