php - error insert into mysqli database
I have to insert data into a mysqli database:
<?php
$servername = "localhost";
$username = "xxxxx";
$password = "xxxxx";
$dbname = "xxxxx";

$url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$ip_address = $_SERVER['REMOTE_ADDR'];
$last_url = $_SERVER['HTTP_REFERER'];

// create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// check connection
if ($conn->connect_error) {
    die("connection failed: " . $conn->connect_error);
}

$sql = "insert url_referer (url_referer, ip address, current_url) values ('$last_url', '$ip_address', '$url')";

if ($conn->query($sql) === true) {
    echo " ";
} else {
    echo "error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>
I keep getting this error:
error: insert url_referer (url_referer, ip address, current_url) values ('', '72.69.102.254', 'http://bithumor.co/')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'address, current_url) values ('', '72.69.102.254', 'http://bithumor.co/')' at line 1
How do I fix this?
If the column name does indeed contain a space (ip address), it needs to be wrapped in ticks, or rename the column to have an underscore.
(url_referer, `ip address`, current_url)
Or rename it:
(url_referer, ip_address, current_url)
Then you won't need the ticks.
However, ticks are required if the name contains a MySQL reserved word, or a hyphen, or anything else MySQL would complain about.
Sidenote: I noticed you have both a table and a column bearing the same name, url_referer. Make sure that is in fact the case.
Plus, as per my comment:
- Sidenote: $_SERVER['HTTP_REFERER'] isn't reliable.
- Read the following: https://stackoverflow.com/a/6023980/
Another thing: if it still gives you problems, you need to escape your data.
i.e.:
$last_url = $_SERVER['HTTP_REFERER'];
$last_url = mysqli_real_escape_string($conn, $last_url);
And apply that logic to the other variables being inserted into the table.
Your present code is open to SQL injection. Use prepared statements, or PDO prepared statements; they're safer.
mysqli prepared statements example:
<?php
$link = new mysqli('xxx', 'xxx', 'xxx', 'xxx');
if ($link->connect_errno) {
    throw new Exception($link->connect_error, $link->connect_errno);
}

// check that the expected value has been provided via a POST request
if (!isset($_POST['input'])) {
    throw new Exception('missing post request parameter [input]');
}

// prepare the insert statement
if (!$stmt = $link->prepare('insert `table` (`column_x`) values (?)')) {
    throw new Exception($link->error, $link->errno);
}

// bind the parameters
$stmt->bind_param('s', $_POST['input']);

if (!$stmt->execute()) {
    throw new Exception($stmt->error, $stmt->errno);
}
Add error reporting to the top of your file(s), which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of code
Sidenote: error reporting should only be done in staging, and never in production.
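The answer's advice applied to the question's insert, as an added example that is not part of the original question or answer: it uses PDO prepared statements, with an in-memory SQLite database standing in for MySQL so it runs without a server (an assumption; SQLite accepts the same backtick quoting). The function name log_visit, the example.test host and the sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: log one request with a prepared statement.
// $server is a copy of $_SERVER so the function can be exercised with
// constructed input.
function log_visit(PDO $db, array $server): void
{
    // The Referer header is optional and client-controlled: default to ''
    // and cap the length instead of trusting it.
    $referer = substr((string)($server['HTTP_REFERER'] ?? ''), 0, 2048);
    $url = 'http://' . ($server['HTTP_HOST'] ?? '') . ($server['REQUEST_URI'] ?? '');
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP) ?: null;

    // Backticks quote the column name that contains a space; the ?
    // placeholders keep every value out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO url_referer (url_referer, `ip address`, current_url) VALUES (?, ?, ?)'
    );
    $stmt->execute([$referer, $ip, substr($url, 0, 2048)]);
}

// SQLite in memory stands in for MySQL here (assumption, so this runs
// without a server).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE url_referer (url_referer TEXT, `ip address` TEXT, current_url TEXT)');

// Constructed requests: one with no Referer, one whose Referer contains a
// single quote that would break the concatenated query from the question.
$requests = [
    ['HTTP_HOST' => 'example.test', 'REQUEST_URI' => '/', 'REMOTE_ADDR' => '203.0.113.7'],
    ['HTTP_HOST' => 'example.test', 'REQUEST_URI' => '/a?b=1', 'REMOTE_ADDR' => '203.0.113.8',
     'HTTP_REFERER' => "http://example.test/o'reilly"],
];
foreach ($requests as $r) {
    log_visit($db, $r);
}

// Both rows are stored verbatim, including the quote in the second Referer.
foreach ($db->query('SELECT * FROM url_referer', PDO::FETCH_NUM) as $row) {
    echo json_encode($row, JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```

Against MySQL only the connection changes, for example `new PDO('mysql:host=localhost;dbname=xxxxx', $username, $password)`.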