【发布时间】:2012-06-08 10:45:52
【问题描述】:
我正在编写一个 php 代码,用户在其中输入各种详细信息,然后以表单形式提交它们。但是,当我提交它时,我得到了一个错误:
警告:mysql_query() [function.mysql-query]: 拒绝用户访问 'sifeiitd'@'localhost'(使用密码:NO) /home/sifeiitd/public_html/wh.php 在第 95 行
警告:mysql_query() [function.mysql-query]:到服务器的链接 无法在线建立/home/sifeiitd/public_html/wh.php 95
我的php代码是
<?php
//include the connection file
require_once('functions/connection.php');
require_once('functions/functions.php');
$display_query = mysql_query("SELECT * FROM eportal");
echo "<table id='pageTable'><thead><tr><th>Item code</th><th>Image</th><th>Description</th><th>Cost</th></tr></thead>";
echo "<tbody>";
while($row = mysql_fetch_array($display_query)){
print "<tr><td>".$row['itemid']."</td><td>"."</td><td>".$row['description']."</td><td>";
print "₹".$row['cost']."</td></tr>";
}
echo "</tbody>";
echo "</table>";
mysql_close($connection);
?>
<?php
//save the data on the DB and send the email
//If the user has submitted the form
if($_POST['submit']){
//protect the posted value then store them to variables
$name = protect($_POST['name']);
$email = protect($_POST['email']);
$contact=protect($_POST['contact']);
$itemid=protect($_POST['itemid']);
$itemquantity=protect($_POST['itemquantity']);
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);
$message = protect($_POST['message']);
//Check if the username or password boxes were not filled in
if(!$name || !$email || !$contact || !$itemid){
//if not display an error message
echo "<center>Fields marked with <strong>( * ƥ</strong> are mandatory!</center>";
}else{
//if the were continue checking
$result = mysql_query("INSERT INTO `wh_order` (`name`, `email`, `contact`, `itemid`, `itemquantity`, `ip`,`message`) VALUES('".$name."','".$email."','".$contact."','".$itemid."','".$itemquantity."','".$ip."','".$message."')");
//send the email with the order
if($result)
{
//send the email
$to = "ps@xyz.com";
$subject = "New order for Weaving Hope";
//headers and subject
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "From: ".$name." <".$email.">\r\n";
$body = "New contact<br />";
$body .= "Name: ".$name."<br />";
$body .= "Email: ".$email."<br />";
$body .= "Contact No.: ".$contact."<br />";
$body .= "Item Id: ".$itemid."<br />";
$body .= "Quantity: ".$itemquantity."<br />";
$body .= "Comment: ".$message."<br />";
$body .= "IP: ".$ip."<br />";
mail($to, $subject, $body, $headers);
//ok message
echo "Your message has been sent";
}
}
}
?>
【问题讨论】:
-
听起来好像这段代码可以正常运行,但您的连接文件中有错误。数据库名称、路径、用户名或密码不正确。
-
您使用了错误的数据库凭据。另外,
protect是在哪里定义的?这听起来像是一些自写的反 SQLi 东西。如果是,不要这样做 - 你至少应该使用mysql_real_escape_string。如今,首选(也是最安全的方法)是使用 MySQLi 或 PDO 的参数化查询。 -
我修复了错误。它现在接受所有输入。我也收到了邮件。但是数据库还没有更新。