1. 首頁
  2. 問答
  3. 類型'字符串'是一個意外的參數,期望Mysqli [mysqli_real_escape_string]

類型'字符串'是一個意外的參數,期望Mysqli [mysqli_real_escape_string]

2017-02-15 76 views
0

我試圖堅持我的數據庫中的angularjs元素。類型'字符串'是一個意外的參數,期望Mysqli [mysqli_real_escape_string]

我正在使用mySQL和PHP。

When I try to persist, I obtain this error: Warning: 'dabdsa' of type 'String' is an unexpected argument, expected Mysqli [mysqli_real_escape_string]
Warning: function 'mysqli_real_escape_string' has 2 required arguments, but only 1 were provided [mysqli_real_escape_string]

我不知道發生了什麼事。

我app.js代碼:

var app = angular.module("TestIdoneidadApp", []); 
       app.controller("TIController", ['$scope','$http', function($scope, $http) { 
        $scope.gestor= ''; 
        $scope.entidad= ''; 
        $scope.save=function(){ 

         $scope.xml_object = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><testIdoneidad>'; 
         $scope.xml_object += '<gestor>' + $scope.ti.gestor + '</gestor>'; 
         $scope.xml_object += '<entidad>' + $scope.ti.entidad + '</entidad>'; 
         $scope.xml_object += '</testIdoneidad>'; 
         $http.post("insert.php", {'xml_object':$scope.xml_object}); 
         } 
       }]);

我insert.php代碼:

<?php header('Access-Control-Allow-Origin: *'); 
header('Access-Control-Allow-Headers: Authorization, Content-Type'); 
header('Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE'); 
$servername = "localhost"; 
$username = "msandbox"; 
$password = "msandbox"; 
$dbname = "angular_db"; 
$port = "5631"; 
// Create connection 
$conn = mysqli_connect($servername, $username, $password, $dbname, $port); 
// Check connection 
if (!$conn) { 
    die("Connection failed: " . mysqli_connect_error()); 
} 
$data = json_decode(file_get_contents("php://input")); 
$xml_object = mysqli_real_escape_string($data->xml_object); 
$sql = "INSERT INTO test_idoneidad (xml_object) 
VALUES ('".$xml_object."')"; 

if (mysqli_query($conn, $sql)) { 
    echo "New record created successfully"; 
} else { 
    echo "Error: " . $sql . "<br>" . mysqli_error($conn); 
} 
mysqli_close($conn); 
?>

與數據庫的連接是否正確,如果我嘗試插入類似 「測試」在價值中,這是有效的。

有人可以幫助我嗎?

謝謝你的建議。

來源

2017-02-15 DMC19

+0

你的腳本是[SQL注入攻擊]的風險(http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection- in-php) 看看發生了什麼事[Little Bobby Tables](http://bobby-tables.com/)即使是 [如果你正在逃避輸入,它不安全!](http:// stackoverflow。 com/questions/5741187/sql -injection-that-around-mysql-real-escape-string) 使用[prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared- statement.php) – RiggsFolly

+0

感謝您的意見@RiggsFolly – DMC19

回答

0

更改您的代碼

$xml_object = mysqli_real_escape_string($conn, $data->xml_object);

來源

2017-02-15 14:01:17 powtac

+0

非常感謝您。這對我有用 – DMC19

相關問題

 相關問題