
I am using the Allow PHP in Posts and Pages plugin in WordPress to integrate a form.

Warning: mysql_real_escape_string(): 21 is not a valid MySQL-Link resource in ..wp-includes\wp-db.php on line 789

Warning: mysql_error(): 21 is not a valid MySQL-Link resource in ..wp-includes\wp-db.php on line 1102

Here is the code for my form:

    <?php
    // Connect with the legacy mysql_* extension (removed in PHP 7).
    $con = mysql_connect("localhost", "root", "");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("form", $con);

    // The $_POST values are interpolated into the statement exactly as submitted.
    $sql = "INSERT INTO data (consignor,consignee, conveyance, origin, entry_port, importing_country, container_no, package_no, package_type, product_name, bot_name, quantity, certify, add_declaration, date,treatment, duration_temprature, concentration, add_information, inspector_name, place, name_designation, issue_date)
    VALUES
    ('$_POST[exporter]', '$_POST[importer]', '$_POST[conveyance]', '$_POST[origin]', '$_POST[dpoe]', '$_POST[impcon]', '$_POST[container]', '$_POST[nopk]', '$_POST[tyop]', '$_POST[name]', '$_POST[botname]', '$_POST[quantity]', '$_POST[certify]', '$_POST[declaration]', '$_POST[date]', '$_POST[treatment]', '$_POST[dutemp]', '$_POST[concen]', '$_POST[adinfo]', '$_POST[insname]', '$_POST[place]', '$_POST[namedesg]', '$_POST[dateissue]')";

    if (!mysql_query($sql, $con)) {
        die('Error: ' . mysql_error());
    }
    echo "Form Submitted";

    mysql_close($con);
    ?>
<form action="#" method="post">
<table height ="200px" width="676" border="1" cellspacing="0" cellpadding="0">

<tr>
<td colspan="7" valign="top" width="676"> 
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">1. Exporter/Consignor (Name & Address)<br/>
<input type="text" name="exporter" />
</td>
<td colspan="4" valign="top" width="356">2. Importer/Consignee (Name & Address)
 <input type="text" name="importer" />
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">3. Declared means of conveyance
<input type="text" name="conveyance" /></td>
<td colspan="4" valign="top" width="356">4. Place of Origin<br/>
<input type="text" name="origin" /></td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">5. Declared Port of entry<br/>
<input type="text" name="dpoe" /></td>
<td colspan="4" valign="top" width="356">6. Department of Plant Protection of Pakistan To Plant Protection Organization Of (importing country)<br/>
<input type="text" name="impcon" />
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">7. Distinguishing marks/Container No./ Seal No.<br/>
<input type="text" name="container" /></td>
<td colspan="3" valign="top" width="172">8. No. of Packages<br/>
<input type="text" name="nopk" />
</td>
<td valign="top" width="184">9. Type of packages<br/>
<input type="text" name="tyop" /></td>
</tr>
<tr>
<td valign="top" width="221">10. Name of Product<br/>
<input type="text" name="name" /></td>
<td colspan="4" valign="top" width="233">11. Botanical name of plant
<br/>
<input type="text" name="botname" />
</td>
<td colspan="2" valign="top" width="221">12. Quantity<br/>
<input type="text" name="quantity" /></td>
</tr>
<tr>
<td colspan="7" valign="top" width="676">13. This is to certify that the plants, plant products or other regulated articles described herein above have been inspected and/ or tested according to appropriate official procedures and are considered to be free from the quarantine pests, specified by the importing contracting party and to conform with the current phytosanitary requirements  of the importing contracting party including those for regulated non-quarantine pests.<br/>
<input type="checkbox" name="certify" value="Yes"/> Yes
<input type="checkbox" name="certify" value="No"/> No<br/>
 </td>
</tr>
<tr>
<td colspan="7" valign="top" width="676">14. Additional Declaration
<br/>
<textarea name="declaration" cols="40" rows="2">Please limit your response to 200 characters.</textarea><br />
</td>
</tr>
<tr>
<td colspan="7" valign="top" width="676" bgcolor="grey">
<p align="center"><strong>Disinfestations and / or disinfection treatment </strong></p>
</td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">15. Date
<br/>
<input type="text" name="date" /></td>
<td colspan="4" valign="top" width="356">16. Treatment<br/>
<input type="text" name="treatment" /></td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">17. Duration & Temperature
<br/>
<input type="text" name="dutemp" />
</td>
<td colspan="4" valign="top" width="356">18. Concentration<br/>
<input type="text" name="concen" /></td>
</tr>
<tr>
<td colspan="3" valign="top" width="320">19. Additional Information
<br/>
<textarea name="adinfo" cols="40" rows="2">Please limit your response to 200 characters.</textarea><br />
</td>
<td colspan="4" valign="top" width="356">20. Name of Inspector<br/>
<input type="text" name="insname" /></td>
</tr>
<tr>
<td colspan="2" valign="top" width="240">21. Stamps of Organization
<br></br><br></br>
 </td>
<td rowspan="2" colspan="2" valign="top" width="168">
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong> </strong></p>
<p align="right"><strong>PROGRESSIVE </strong></p>
</td>
<td rowspan="2" colspan="3" valign="top" width="340">23. Place of issue<br/>
<input type="text" name="place" /><br/>
24. Signature__________________________<br/><br></br>
25. Name and designation of authorized officer
<input type="text" name="namedesg" /> <br/><br/>
26. Date <br/>
<input type="text" name="dateissue" /></p></td>
</tr>
<tr>
<td colspan="2" valign="top" width="240">22. No financial liability with respect to this certificate shall attach to department of plant protection or to any of its officers or representatives
<br></br></td>
</tr>
<tr>
<td width="221" border="0"></td>
<td width="19"></td>
<td width="80"></td>
<td width="48"><input type="submit" value="Submit Form" /></td>
<td width="47"><input type="reset" value="Reset" /></td>
<td width="137"></td>
<td width="220"></td>
</tr>
<tr><td></td>
<td></td>
<td></td>
<td align="right"></td>
</tr>
</table>
</form>
</html>

1 Answer


In WordPress, you cannot call the database using the usual mysql system. You need to call the database via

global $wpdb;

For more examples, see this link: http://codex.wordpress.org/Class_Reference/wpdb

Edit

Try changing your PHP calling code to the following.

Edit 2

I added some code to protect against SQL attacks. Basically, put the values into variables and escape them.

    <?php
    // No need to connect to or close the database; wpdb does that automatically.
    // The database MUST be the same as the WordPress database; only the tables differ.
    global $wpdb;

    // Protect your code from attacks.
    $exporter   = isset($_POST['exporter'])   ? $wpdb->escape($_POST['exporter'])   : '';
    $importer   = isset($_POST['importer'])   ? $wpdb->escape($_POST['importer'])   : '';
    $conveyance = isset($_POST['conveyance']) ? $wpdb->escape($_POST['conveyance']) : '';
    //....
    $dateissue  = isset($_POST['dateissue'])  ? $wpdb->escape($_POST['dateissue'])  : '';

    if (!$wpdb->insert('data', array(
        'consignor'  => $exporter,
        'consignee'  => $importer,
        'conveyance' => $conveyance,
        //...
        'issue_date' => $dateissue,
    ))) {
        exit;
    } else {
        echo 'Form Submitted';
    }
    ?>
Answered 2012-11-28T07:13:34.463
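
An added example, not part of the question, the answer, or WordPress itself: it runs the question's interpolated INSERT and a bound-parameter INSERT against the same constructed input, then shows what is stored when a value is escaped by hand before being bound. `$wpdb->insert()` builds a prepared statement from the values it is given, and its documentation asks for raw, unescaped data, so the third case is what escape-then-insert produces. Assumptions: PDO with an in-memory SQLite table (requires `pdo_sqlite`) stands in for the WordPress database, `addslashes()` stands in for a manual escape step, and the function names `insert_interpolated` and `insert_bound` are hypothetical.

```php
<?php
// Added example: constructed data and an in-memory SQLite table stand in for the
// WordPress database; the table and column names follow the question's INSERT.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (id INTEGER PRIMARY KEY, consignor TEXT, consignee TEXT)');

// Constructed form input: an ordinary business name that contains an apostrophe.
$post = ['exporter' => "O'Neil Farms", 'importer' => 'Lahore Imports'];

// 1. The question's pattern: values interpolated straight into the SQL text.
function insert_interpolated(PDO $db, array $post): string {
    $sql = "INSERT INTO data (consignor, consignee)
            VALUES ('{$post['exporter']}', '{$post['importer']}')";
    try {
        $db->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        // The apostrophe ended the string literal early, so the statement no longer parses.
        return 'rejected: ' . $e->getMessage();
    }
}

// 2. Bound parameters: the value travels separately from the SQL text.
//    Returns the consignor exactly as the database stored it.
function insert_bound(PDO $db, string $consignor, string $consignee): string {
    $stmt = $db->prepare('INSERT INTO data (consignor, consignee) VALUES (?, ?)');
    $stmt->execute([$consignor, $consignee]);
    $row = $db->query('SELECT consignor FROM data ORDER BY id DESC LIMIT 1')
              ->fetch(PDO::FETCH_ASSOC);
    return $row['consignor'];
}

echo "interpolated:   ", insert_interpolated($db, $post), "\n";
echo "bound, raw:     ", insert_bound($db, $post['exporter'], $post['importer']), "\n";

// 3. Escaping first and binding afterwards stores the escape character itself.
//    addslashes() stands in here for a manual escape step (assumption).
echo "bound, escaped: ",
     insert_bound($db, addslashes($post['exporter']), addslashes($post['importer'])), "\n";
```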