0
我有一個應用程序,我正在創建一個入站短信應用程序。它從http帖子捕獲信息並將其插入數據庫。我可以將http post表單保存到文本文件中,但我無法將其保存到MySQL數據庫中。我究竟做錯了什麼??如果你可以發現語法錯誤比這個是免費的雅!我需要代碼來追加條目,使其超級簡單謝謝!HTTP發佈到MySQL數據庫INSERT
<?php
header('Content-Type: text/xml');
$From = $_POST['From'];
$Body = $_POST['Body'];
$ApiVersion = $_POST['ApiVersion'];
$To = $_POST['To'];
$AccountSid = $_POST ['AccountSid'];
$SmsStatus = $_POST['SmsStatus'];
$SmsSid = $_POST ['SmsSid'];
$servername = "localhost";
$username = "root";
$password = "passwordhere";
$dbname = "SMS_Response";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "INSERT INTO iPad_Contest (from, to, sms_message, sms_sid)
VALUES ('$From' , '$To' , '$Body' , '$SmsSid')";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>
[Little Bobby](http://bobby-tables.com/)說*** [您的腳本存在SQL注入攻擊風險。]( http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***瞭解[編寫](http://en.wikipedia.org/wiki/Prepared_statement )[MySQLi]的聲明(http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –
'$ _POST ['SmsSid'];''和'$ AccountSid = $ _POST ['AccountSid'];'你看到它們了嗎? –
@JayBlanchard陰性。這不應該阻止進入數據庫。我已按照所鏈接的頁面上的所有說明進行操作,但沒有成功 – fixnode