0

This error appear and i do not know why, here is my code: 

// Create connection 
$conn = @mysqli_connect($server,$user,$pass,$dbname) or die('can not connect to php');

$sql_store = "INSERT into test (userName, userAgent, language,
javaEnabled, height) VALUES ('$userName', '$userAgent',
'$language', '$javaEnabled', '$height')";
$sql = mysqli_query($conn, $sql_store) or die(mysqli_error($conn));

and this is my javascript for the height: 

function height(){
var height = screen.height;
document.getElementById('height').innerHTML = height;
return height;
}

and here is the passing 

xmlhttp.open("POST", example.com/ex.php", true);
xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

xmlhttp.send("userName=" + checkCookie() +
             "&userAgent=" + userAgent() +
             "&language=" + language() +
             "&javaEnabled=" + javaEnabled() +
             "&height=" + height()); /*  fire and forget */
return true;
frraj
  • 27
  • 5
  • 2
    $height probably is not integer in value. – Karlo Kokkak Mar 18 '18 at 02:28
  • 2
    I doubt this is your real code: your last code block has mismatched quotes, which are made obvious by the syntax highlighting. Please make sure to copy and paste your code _exactly_. Otherwise how can we know which errors are meaningful? – ChrisGPT was on strike Mar 18 '18 at 02:29
  • 2
    Your code may also be vulnerable to sql injections: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Karlo Kokkak Mar 18 '18 at 02:39

1 Answers1

1

You should check if the value of $height is a valid integer before sending it to the database.

Something like this, before the $sql_store line, should help:

$height = round($height);
Dionei Miodutzki
  • 657
  • 7
  • 16