use*_*269 0 php mysql security
我只是一个初学者,我的代码有什么问题,我正在尝试对此进行试验,以便我要创建的网页不会受到mysql注入的攻击.这样做的正确方法是什么:
<?php
$host="localhost";
$username="root";
$password="";
$db_name="testing";
$tbl="hospital";
$connection=mysql_connect($host, $username, $password) or die("cannot connect!");
mysql_select_db($db_name, $connection) or die("cannot select db!");
$LASTNAME = $_POST[lname];
$FIRSTNAME = $_POST[fname];
$FIRSTNAME=(isset($_POST['fname']||trim($_POST['fname'])=="")?die('Error:Enter Firstname!')
mysql_escape_string(trim($_POST['fname']));
$sqlque="INSERT INTO hospital (LASTNAME, FIRSTNAME)
VALUES ('$LASTNAME', '$FIRSTNAME')";
if (!mysql_query($sqlque,$con))
{
die('Error: ' . mysql_error());
}
echo "<script>alert('Record successfully added!')</script>";
mysql_close($con)
?>
这是错误,请帮助,谢谢:
Parse error: parse error, expecting `','' or `')'' in C:\wamp\www\sql injection check\aisaction.php on line 20