我有一个应用程序,我正在创建一个入站短信应用程序。它从http帖子捕获信息并将其插入数据库。我可以将http post表单保存到文本文件中,但我无法将其保存到MySQL数据库中。我究竟做错了什么??如果你可以发现语法错误比这个是免费的雅!我需要代码来追加条目,使其超级简单谢谢!HTTP发布到MySQL数据库INSERT
<?php
header('Content-Type: text/xml');
$From = $_POST['From'];
$Body = $_POST['Body'];
$ApiVersion = $_POST['ApiVersion'];
$To = $_POST['To'];
$AccountSid = $_POST ['AccountSid'];
$SmsStatus = $_POST['SmsStatus'];
$SmsSid = $_POST ['SmsSid'];
$servername = "localhost";
$username = "root";
$password = "passwordhere";
$dbname = "SMS_Response";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "INSERT INTO iPad_Contest (from, to, sms_message, sms_sid)
VALUES ('$From' , '$To' , '$Body' , '$SmsSid')";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>
[Little Bobby](http://bobby-tables.com/)说*** [您的脚本存在SQL注入攻击风险。]( http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***了解[编写](http://en.wikipedia.org/wiki/Prepared_statement )[MySQLi]的声明(http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)。即使[转义字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –
'$ _POST ['SmsSid'];''和'$ AccountSid = $ _POST ['AccountSid'];'你看到它们了吗? –
@JayBlanchard阴性。这不应该阻止进入数据库。我已按照所链接的页面上的所有说明进行操作,但没有成功 – fixnode