没有SQL注入错误
[英]NO SQL INJECTION ERROR
问题描述
When I submit this form this error appears NO SQL INJECTION . 
当我提交此表单时,此错误出现NO SQL INJECTION 。 The action of this form is the same file .. I tried to do a lot of solutions and nothing works! 这种形式的作用是相同的文件..我试图做很多解决方案,但没有任何效果! How can I escape that error? 如何解决该错误? There is no change on the database. 数据库上没有任何更改。
Here is the php code 这是PHP代码
<?php
include '../inc/config.php';
include 'dbc.php';
page_protect();
if(!checkAdmin()) {
header("Location: login.php");
exit();
}
$ads_id = (isset($_GET['id']) ? $_GET['id'] : NULL);
if (!is_numeric($ads_id)) { die ('No SQL INJECTION') ;};
if ($ads_id) {
$img_ads_info = $mysqli->query("SELECT * FROM `ads_image` WHERE `id` = '$ads_id'");
$row = $img_ads_info->fetch_object();
$section_id = $row->user_id;
$ads2 = $mysqli->query("SELECT users.company_name FROM ads_image,users where
ads_image.user_id = users.id AND ads_image.user_id='$section_id'");
$row2 = $ads2->fetch_object();
?>
<div class="panel panel-default ">
<div class="panel-heading" id="accordion"><span class="glyphicon
glyphicon-comment"></span><?php echo $row->description; ?></div>
<div class="panel-body">
<form role="form" action="manage_images_ads.php" method="POST">
<div class="form-group">
<input type="hidden" name="id" value="<?php echo $row->id;
?>" />
<label>اسم المؤسسة المعلنة</label>
<input required name="company_name" class="form-
control" type="text" maxlength="255" value="<?php echo $row2->company_name; ?>"/>
</div>
<div class="form-group">
<label>عنوان الإعلان</label>
<input required name="title" class="form-control"
type="text" maxlength="255" value="<?php echo $row->title; ?>"/>
</div>
<div class="form-group">
<label>صورة الإعلان</label>
<img src="upload/<?php echo $row->up; ?>" />
</div>
<div class="form-group">
<label>عدد المشاهدات</label>
<input required name="views" class="form-control"
type="text" maxlength="255" value="<?php echo $row->views; ?>"/>
</div>
<div class="form-group">
<label>رابط الإعلان</label>
<input required name="ad_link" class="form-control"
type="text" maxlength="255" value="<?php echo $row->ad_link; ?>"/>
</div>
<button style="float:left" type="submit"
value="submit" class="btn btn-success btn-md" id="btn-chat">Send</button>
</div>
</form>
<?php
if(isset($_POST['submit'])) {
$title = $mysqli->real_escape_string($_POST['title']);
$ad_link = $mysqli->real_escape_string($_POST['ad_link']);
$views = $mysqli->real_escape_string($_POST['views']);
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
$sql = "UPDATE ads_image SET `title`='$title',`ad_link`='$ad_link',`views`='$views'
WHERE `id`='$ads_id'";
if ($mysqli->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $mysqli->error;
}
$mysqli->close();
}
}
?>
1 个解决方案
解决方案1
0 2014-11-12 06:09:14
The reason is that your form has 'method="POST"' while php is looking for id in the $_GET superarray. 原因是当php在$ _GET超级数组中查找id时,您的表单具有'method =“ POST”'。 Just change 只是改变
$ads_id = (isset($_GET['id']) ? $_GET['id'] : NULL);
to 至
$ads_id = (isset($_POST['id']) ? $_POST['id'] : NULL);
and it should start work properly. 并且应该可以正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
这是SQL注入错误? - is this sql injection error?
sql注入登录表单错误 - sql injection login form error
SQL注入检查和PHP抛出错误 - SQL injection check and php throw error
SQL注入:尝试避免这种情况,但出现错误 - SQL Injection: trying to avoid it but got an error
创建用于sql注入的演示时出现sql语法错误 - sql syntax error while creating a demo for sql injection
从url接收数据时无法解决sql注入错误 - unable to solve the sql injection error while recieving data from url
PHP:在查询中使用IN语句进行SQL注入预防时出错 - PHP: Error when using IN statement in query with SQL injection prevention
SQL注入无法处理SQL注入易受攻击的表单? - SQL Injection not working on SQL injection vulnerable forms?
使用PHP的SQL注入 - Sql injection using php
SQL注入:机制 - SQL injection: mechanism
相关标签