与 php 中的 SQL 数据库建立安全连接
Making a secure connection to a SQL database in php
我正在尝试保护我的数据库凭据,但它们一直显示在 firebug 控制台中。
我只是想将表单信息保存到数据库中。
我的表格 (form.html)
<form id="Form" method="POST" >
<table>
<tr>
<td>Name:</td>
<td><input id="name" name="name" type="text" /></td>
</tr>
<tr>
<td>Address:</td>
<td><input id="address" name="address" type="text" /></td>
</tr>
<tr>
<td>Telephone:</td>
<td><input id="telephone" name="telephone" type="text" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input id="email" name="email" type="email" /></td>
</tr>
</table>
<div class="SubmitButton">
<input type="submit" id="submit" name="submit" value="Submit" />
</div>
</form>
<div id="Response"></div>
</div>
<!-- javascript to handle form data -->
<script type="text/javascript">
$("document").ready(function(){
var frm = $('#Form');
frm.submit(function (ev) {
ev.preventDefault();
var email = $('#email').val();
if(email)
{
$.ajax({
type: "POST",
dataType:"json",
url: "submit.php",
data: frm.serialize(),
success: function () {
$('#Response').empty();
$('#Response').wrapInner("<span class='SuccessMessage'>Your information has been submitted successfully!</span>")
return;
},
error: function () {
$('#Response').empty();
$('#Response').wrapInner("<span class='ErrorMessage'>Your information was not submitted successfully. Please try again.</span>")
}
});
} else {
$('#Response').empty();
$('#Response').wrapInner("<span class='EmailBlankMessage'>Email address is a required field.</span>")
return;
}
});
});
</script>
这是我的 submit.php
<?php
if($_POST)
{
require(dirname(__FILE__)."/../config.php");
$name = $_POST["name"];
$address = $_POST["address"];
$telephone = $_POST["telephone"];
$email = $_POST["email"];
$name = mysql_real_escape_string($name);
$address = mysql_real_escape_string($address);
$telephone = mysql_real_escape_string($telephone);
$email = mysql_real_escape_string($email);
mysql_query("INSERT INTO XXXXX(name, address, telephone, email) VALUES('$name', '$address', '$address', '$email')");
}else {
header("Location: /Form.html");
die();
}
?>
这是我的 config.php
<?
$hostname = "XXXXXX";
$database = "XXXXXX";
$username = "XXXXXX";
$password = "XXXXXX";
mysql_connect($hostname, $username , $password) or die (mysql_error());
mysql_select_db($database ) or die (mysql_error());
配置文件放在根目录之外。然而,我遇到的两个主要问题是它不会将表单数据插入 table 并且来自 config.php 的数据库凭据也会显示在 firebug 控制台中 post 回复。我不明白我的代码有什么问题。
您在 config.php 中的 php 打开标签是 <? - 这是 short open tag,我认为它在您的配置中被禁用。 config.php 中的 php 不会被解释,而是按原样显示。将其更改为常规打开标签 <?php.
另请注意,mysql 扩展已弃用,您应该切换到 PDO 和准备好的语句。
我正在尝试保护我的数据库凭据,但它们一直显示在 firebug 控制台中。
我只是想将表单信息保存到数据库中。
我的表格 (form.html)
<form id="Form" method="POST" >
<table>
<tr>
<td>Name:</td>
<td><input id="name" name="name" type="text" /></td>
</tr>
<tr>
<td>Address:</td>
<td><input id="address" name="address" type="text" /></td>
</tr>
<tr>
<td>Telephone:</td>
<td><input id="telephone" name="telephone" type="text" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input id="email" name="email" type="email" /></td>
</tr>
</table>
<div class="SubmitButton">
<input type="submit" id="submit" name="submit" value="Submit" />
</div>
</form>
<div id="Response"></div>
</div>
<!-- javascript to handle form data -->
<script type="text/javascript">
$("document").ready(function(){
var frm = $('#Form');
frm.submit(function (ev) {
ev.preventDefault();
var email = $('#email').val();
if(email)
{
$.ajax({
type: "POST",
dataType:"json",
url: "submit.php",
data: frm.serialize(),
success: function () {
$('#Response').empty();
$('#Response').wrapInner("<span class='SuccessMessage'>Your information has been submitted successfully!</span>")
return;
},
error: function () {
$('#Response').empty();
$('#Response').wrapInner("<span class='ErrorMessage'>Your information was not submitted successfully. Please try again.</span>")
}
});
} else {
$('#Response').empty();
$('#Response').wrapInner("<span class='EmailBlankMessage'>Email address is a required field.</span>")
return;
}
});
});
</script>
这是我的 submit.php
<?php
if($_POST)
{
require(dirname(__FILE__)."/../config.php");
$name = $_POST["name"];
$address = $_POST["address"];
$telephone = $_POST["telephone"];
$email = $_POST["email"];
$name = mysql_real_escape_string($name);
$address = mysql_real_escape_string($address);
$telephone = mysql_real_escape_string($telephone);
$email = mysql_real_escape_string($email);
mysql_query("INSERT INTO XXXXX(name, address, telephone, email) VALUES('$name', '$address', '$address', '$email')");
}else {
header("Location: /Form.html");
die();
}
?>
这是我的 config.php
<?
$hostname = "XXXXXX";
$database = "XXXXXX";
$username = "XXXXXX";
$password = "XXXXXX";
mysql_connect($hostname, $username , $password) or die (mysql_error());
mysql_select_db($database ) or die (mysql_error());
配置文件放在根目录之外。然而,我遇到的两个主要问题是它不会将表单数据插入 table 并且来自 config.php 的数据库凭据也会显示在 firebug 控制台中 post 回复。我不明白我的代码有什么问题。
您在 config.php 中的 php 打开标签是 <? - 这是 short open tag,我认为它在您的配置中被禁用。 config.php 中的 php 不会被解释,而是按原样显示。将其更改为常规打开标签 <?php.
另请注意,mysql 扩展已弃用,您应该切换到 PDO 和准备好的语句。