我正在尝试在我的代码中使用mysql_real_escape_string。它适用于本地主机。而它在其他服务器上显示错误。我怎样才能找到解决方案。任何人都可以给我解决方案我的代码有什么问题吗
<?php
$username = "abcdb";
$password = "Abc@2014";
$hostname = "abcdb.db.9135182.hostedresource.com";
$db = "abcdb";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysql_select_db($db,$dbhandle) or die('cannot select db');
//connection to the database
$name="";
$email="";
$batch="";
$mobile="";
if (isset($_POST['submit'])) {
$error = "";
if (!empty($_POST['name'])) {
$name = mysql_real_escape_string($_POST['name']);
} else {
$error .= "You didn't type in your name. <br />";
}
if (!empty($_POST['email'])) {
$email =mysql_real_escape_string($_POST['email']);
if (!preg_match("/^[_a-z0-9]+('.[_a-z0-9-]+)*@[a-z0-9-]+('.[a-z0-9-]+)*('.[a-z]{2,3})$/i", $email)){
$error .= "The e-mail address you entered is not valid. <br/>";
}
} else {
$error .= "You didn't type in an e-mail address. <br />";
}
if (!empty($_POST['batch'])) {
$batch =mysql_real_escape_string($_POST['batch']);
if (!preg_match('/^[0-9]{4}$/', $batch)) {
$error .= "Enter a valid batch. <br/>";
}
}
else {
$error .= "You didn't type batch. <br />";
}
if(($_POST['code']) == $_SESSION['code']) {
$code = $_POST['code'];
} else {
$error .= "The captcha code you entered does not match. Please try again. <br />";
}
if (!empty($_POST['mobile'])) {
$mobile =mysql_real_escape_string($_POST['mobile']);
if (!preg_match('/^[0-9]{10}$/', $mobile)) {
$error .= "Enter a valid Mobile number. <br/>";
}
}else {
$error .= "You didn't type your Mobile Number. <br />";
}
研究使用预准备语句(例如使用 mysqli - http://php.net/manual/en/book.mysqli.php)。 mysql_real_escape_string已被弃用。您的服务器和本地主机 mysql 版本可能不同。
请参阅为什么我不应该在 PHP 中使用 mysql_* 函数?
此外,您刚刚发布的错误消息为您提供了线索。在调用 mysql_real_escape_string 之前测试您传递的参数是否为字符串
见 http://php.net/manual/en/function.is-string.php