
I have a registration form on my site and I figured I should protect from SQL injection. I can't have that table being dropped maliciously.

Using POST, I collect the input from the form, check it, and then add it to the database. My code is below. I've been testing the form, and though the form is submitted successfully, the table is filled with an empty row...not the data from the form.

What's going on here?

<?php

$type = $_POST['type']; // a dropdown
$color = $_POST['color']; // a dropdown
$name = mysql_real_escape_string($_POST['name']);
$address = mysql_real_escape_string($_POST['address']);
$city = mysql_real_escape_string($_POST['city']);
$state = $_POST['state']; // a dropdown
$zip = mysql_real_escape_string($_POST['zip']);
$phone = mysql_real_escape_string($_POST['phone']);
$email = mysql_real_escape_string($_POST['email']);
$where = mysql_real_escape_string($_POST['where']);
$price = mysql_real_escape_string($_POST['price']);
$use = mysql_real_escape_string($_POST['use']);

include 'php/Connect.php';
$ct = new Connect();
$con = $ct->connect();

if (check($email, $con)) {
    if (register($type, $color, $name, $address, $city, $state, $zip, $phone, $email, $where, $price, $use, $con)) {
        echo '<h1>Success!</h1><p>Thanks for registering your product. A confirmation email has been sent to '.$email.'.</p>';
    }
    else {
        echo '<h1>Error!</h1><p>There were errors processing your registration. Please try again.</p>';
    }
}
else {
    echo '<h1>Error!</h1><p>This product has already been registered.</p>';
}

// Returns true when no registration with this email exists yet.
function check($email, $con) {
    $query = "SELECT * FROM registrations WHERE email='$email'";
    $res = mysql_query($query, $con);
    if ($res) {
        $row = mysql_fetch_assoc($res);
        if ($row) {
            return false; // product registration exists
        }
        else {
            return true; // product registration does not exist
        }
    }
    else {
        return false; // query failed
    }
}

// Inserts the registration; returns true if the INSERT ran.
function register($type, $color, $name, $address, $city, $state, $zip, $phone, $email, $where, $price, $use, $con) {
    $query = "INSERT INTO registrations VALUES ('$type', '$color', '$name', '$address', '$city', '$state', '$zip', '$phone', '$email', '$where', '$price', '$use')";
    $res = mysql_query($query, $con);
    if (!$res) {
        return false; // insert failed
    }
    else {
        mysql_close($con);
        return true;
    }
}
?>

2 answers


Connect to the database before using mysql_real_escape_string.
However, I recommend using the newer version:

$connect=mysqli_connect(.......);  
mysqli_real_escape_string($connect,$string);
answered 2012-07-12T16:42:36.790

Fixed with PeeHaa's help. The corrected code is below:

<?php

include 'php/Connect.php';
$ct = new Connect();
$db = $ct->connect(); // returns a PDO instance

$type = $_POST['type'];
$color = $_POST['color'];
$name = $_POST['name'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$where = $_POST['where'];
$price = $_POST['price'];
$use = $_POST['use'];

if (check($email, $db)) {
    if (register($type, $color, $name, $address, $city, $state, $zip, $phone, $email, $where, $price, $use, $db)) {
        echo '<h1>Success!</h1><p>Thanks for registering your product. A confirmation email has been sent to '.$email.'.</p>';
    }
    else {
        echo '<h1>Error!</h1><p>There were errors processing your registration. Please try again.</p>';
    }
}
else {
    echo '<h1>Error!</h1><p>This product has already been registered.</p>';
}

// Returns true when no registration with this email exists yet.
function check($email, $db) {
    // The email is sent as a bound parameter, so no manual escaping is needed.
    $stmt = $db->prepare("SELECT * FROM registrations WHERE email=?");
    if (!$stmt || !$stmt->execute(array($email))) {
        return false; // query failed
    }
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if ($rows) {
        return false; // product registration exists
    }
    else {
        return true; // product registration does not exist
    }
}

// Inserts the registration; returns true only if the INSERT succeeded.
function register($type, $color, $name, $address, $city, $state, $zip, $phone, $email, $where, $price, $use, $db) {
    $stmt = $db->prepare("INSERT INTO registrations VALUES(?,?,?,?,?,?,?,?,?,?,?,?)");
    if (!$stmt || !$stmt->execute(array($type, $color, $name, $address, $city, $state, $zip, $phone, $email, $where, $price, $use))) {
        return false; // prepare or insert failed
    }
    // No mysql_close() here: $db is a PDO object, not a mysql resource.
    // The connection is closed when the last reference to it is released.
    return true;
}
?>
answered 2012-07-12T18:06:50.200
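As an added example (not code from the question or either answer), here is the same check/register pair on PDO with exceptions enabled, so a failed prepare or execute can no longer surface as "Success!", and with the duplicate-email race between the check and the insert closed by the database. The table and column names follow the question; the DSN, the credentials and the UNIQUE index assumed on registrations.email are my assumptions.

```php
<?php
// Added example (not the question's or either answer's code): check()/register()
// rebuilt on PDO with exceptions enabled, so a failed prepare/execute cannot be
// reported as "Success!". Table and columns follow the question; the DSN,
// credentials and the UNIQUE index assumed on registrations.email are mine.
const FIELDS = ['type', 'color', 'name', 'address', 'city', 'state',
                'zip', 'phone', 'email', 'where', 'price', 'use'];
function connectDb(): PDO {   // assumed connection details
    return new PDO('mysql:host=localhost;dbname=products;charset=utf8mb4', 'app_user', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // throw instead of returning false
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
    ]);
}

// True when no registration exists for $email. The value is a bound parameter,
// so it never becomes part of the SQL text and needs no escaping.
function check(string $email, PDO $db): bool {
    $stmt = $db->prepare('SELECT 1 FROM registrations WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    return $stmt->fetchColumn() === false;
}

// Inserts one row and returns true only if exactly one row was written. A request
// racing past check() hits the UNIQUE index and comes back as false (SQLSTATE 23000)
// instead of producing a duplicate row or an uncaught exception.
function register(array $fields, PDO $db): bool {
    // `where` and `use` are reserved words in MySQL, hence the backticks.
    $columns = '`' . implode('`, `', FIELDS) . '`';
    $marks   = implode(', ', array_fill(0, count(FIELDS), '?'));
    $stmt    = $db->prepare("INSERT INTO registrations ($columns) VALUES ($marks)");
    try {
        $stmt->execute(array_map(fn($f) => $fields[$f], FIELDS));
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { return false; } // duplicate email
        throw $e;
    }
    return $stmt->rowCount() === 1;
}

$db = connectDb();
$fields = [];
foreach (FIELDS as $f) { $fields[$f] = trim((string) ($_POST[$f] ?? '')); }
if (!check($fields['email'], $db)) {
    echo '<h1>Error!</h1><p>This product has already been registered.</p>';
} elseif (register($fields, $db)) {
    echo '<h1>Success!</h1><p>Thanks for registering your product.</p>';
} else {
    echo '<h1>Error!</h1><p>There were errors processing your registration. Please try again.</p>';
}
```

The success message deliberately no longer echoes the submitted email back into the page; if you need it there, pass it through htmlspecialchars() first.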