问题描述
我正在尝试通过ajax将有关用户浏览器的信息发送到mysql数据库,这种曾经在另一个站点上正常工作的方法现在正在部分起作用,这意味着有关屏幕和浏览器的宽度/高度,颜色的数据和像素深度未显示在我的数据库中,并且通过php收集的信息已发送/保存.
I am trying to send information about the user browser to a mysql database via ajax and this method that used to work perfectly on another site is now working partially, meaning that the data about the screen and browser width/ height, the color and pixel depth don't appear in my database and the information collected via php are sent/ saved.
这是我的index.html文件中的内容:
Here is what I have in my index.html file:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en">
<head>
<title>Welcome</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<script type="text/javascript">
function ajax_post() {
var hr = new XMLHttpRequest();
var url = "st.php";
var sw = screen.width;
var sh = screen.height;
var bw = document.documentElement.clientWidth;
var bh = document.documentElement.clientHeight;
var cd = screen.colorDepth;
var pd = screen.pixelDepth;
var vars = "sw="+sw+"&sh="+sh+"&bw="+bw+"&bh="+bh+"&cd="+cd+"&pd="+pd;
hr.open("POST", url, true);
hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
hr.onreadystatechange = function() {
if(hr.readyState == 4 && hr.status == 200) {
var return_data = hr.responseText;
}
}
hr.send(vars);
};
ajax_post();
</script>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
My content here
</body>
</html>
这是st.php文件的内容,该文件用于通过php收集信息并将其发送/保存到数据库:
and here is the content of the st.php file used to collect information via php and to send/ seve it to the database:
<?php
$dnt = date(DATE_COOKIE);
$ip = $_SERVER['REMOTE_ADDR'];
$rh = gethostbyaddr($ip);
$re = $_SERVER['HTTP_REFERER'];
$ua = $_SERVER['HTTP_USER_AGENT'];
$al = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
$sw = $_POST['sw'];
$sh = $_POST['sh'];
$bw = $_POST['bw'];
$bh = $_POST['bh'];
$cd = $_POST['cd'];
$pd = $_POST['pd'];
$db_host = ********; // the host
$db_user = ********; // the user
$db_password = ***********; // the password
$connection = mysql_connect($db_host, $db_user, $db_password) or die(mysql_error());
mysql_select_db(*******) or die(mysql_error());
$query = "INSERT INTO *********(dnt, ip, rh, re, ua, al, sw, sh, bw, bh, cd, pd)
VALUES ('".mysql_real_escape($dnt)."','".mysql_real_escape($ip)."','".mysql_real_escape($rh)."','".mysql_real_escape($re)."','".mysql_real_escape($ua)."','".mysql_real_escape($al)."','".mysql_real_escape($sw)."','".mysql_real_escape($sh)."','".mysql_real_escape($bw)."','".mysql_real_escape($bh)."','".mysql_real_escape($cd)."','".mysql_real_escape($pd)."')";
mysql_query($query) or die(mysql_error());
?>
我检查了是否没有阻止任何脚本(停用的noscript),我在Firefox,Chrome和Epiphany上进行了尝试,但均未成功:没有有关屏幕和浏览器的宽度/高度,颜色和像素深度的数据.
I checked that I wasn't blocking any script (deactivated noscript), I tried it on Firefox and Chrome and Epiphany without any success: no data about the screen and browser width/ height, the color and pixel depth.
我不知道为什么它不起作用,因为一周前我在同一主机上的一个网站上使用了完全相同的代码,并且效果很好.
I don't have any idea why this is not working as I used exactly the same code one week ago on a website on the same host and it worked perfectly.
谢谢您的帮助.
-----编辑-----
----- EDIT -----
由于@PiTheNumber,我检查了Firebug控制台并跟踪了问题的根源
Thanks to @PiTheNumber I checked the Firebug Console and tracked the origin of the problem
问题解决了
由于我的声誉积分不到100分,因此需要等待6个小时以上才能回答我自己的问题.
Waiting 6 more hours to be able to answer my own question since I have less than 100 points of reputation and therefore cannot answer it right now.
推荐答案
对于 mysql注入!
在插入时使用 mysql_real_escape()
:
$query = "INSERT INTO *********(dnt, ip, rh, re, ua, al, sw, sh, bw, bh, cd, pd)
VALUES ('".mysql_real_escape($dnt)."'...)";
这篇关于通过ajax发送信息,部分工作/失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!