我的托管网络服务器根目录是/ public_html,我创建了一个与public_html(/ private)相同级别的文件夹,并创建了一个包含我的数据库登录信息的.ini文件,正如我在本教程中看到的那样
https://teamtreehouse.com/community/how-do-you-store-your-mysql-user-credentials-in-a-secure-way
所以我的文件夹结构看起来像这样
/
|
-private
| |
| -db.ini
-public_html
|
-website files
-mailer.php
我正在使用grecaptcha。我想验证是否没有机器人使用我的表单,向我的电子邮件发送电子邮件通知,最后将客户信息保存到一个小型数据库。我的grecaptcha工作正常,电子邮件正在发送,我有一个问题将信息发送到我的数据库。
<?php
// Checks if form has been submitted
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
function post_captcha($user_response) {
$fields_string = '';
$fields = array(
'secret' => 'USERINFO',
'response' => $user_response
);
foreach($fields as $key=>$value)
$fields_string .= $key . '=' . $value . '&';
$fields_string = rtrim($fields_string, '&');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,
'https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
$result = curl_exec($ch);
curl_close($ch);
return json_decode($result, true);
}
// Call the function post_captcha
$res = post_captcha($_POST['g-recaptcha-response']);
if (!$res['success']) {
$output = json_encode(array('success' => false));
die($output);
} else {
if($_POST) {
$to = "admin@tremecji.com"; // your mail here
$name = filter_var($_POST["name"], FILTER_SANITIZE_STRING);
$email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL);
$phone = filter_var($_POST["phone"], FILTER_SANITIZE_STRING);
$message = filter_var($_POST["message"], FILTER_SANITIZE_STRING);
$subject = "$name pregunta desde tremeji.com";
$body = "Mensaje enviado de pagina tremecji.com\nMENSAJE: $message\nE-MAIL: $email\NUMERO DE CONTACTO: $phone";
if(@mail($to, $subject, $body)) {
//db connection ==================================================
//$mysqli = new mysqli('host','user','password','db'); <--- this used to work
$mydb = parse_ini_file('../private/db.ini');
$mysqli = new mysqli( $mydb['servername'],$mydb['username'], $mydb['password'], $mydb['dbname']);
// revision de conneccion
if( $mysqli -> connect_error ){
die( 'Connec error: ' . $mysqli->connect_error . ': ' .$mysqli->connect_error );
}
// insert data
$sql = "INSERT INTO clientes (nombre, email, telefono ) VALUES('{$mysqli->real_escape_string($_POST['name'])}', '{$mysqli->real_escape_string($_POST['email'])}', '{$mysqli->real_escape_string($_POST['telefono'])}'";
$insert = $mysqli->query($sql);
$mysqli->close();
$output = json_encode(array('success' => true));
die($output);
}
}
}
}
在我尝试保护登录信息之前,它曾经工作过,我尝试将路径更改为我的db.ini文件但没有成功