$valor ) { // NOTE(review): the header of this loop lies before the visible text; it presumably iterates $_GET like the $_POST loop below - confirm
    // Lower-case the value, then run it through a strtr() character map.
    // NOTE(review): strtolower() expects a string; a request parameter sent as an array is not handled here.
    // NOTE(review): strtr() maps byte by byte and ignores the surplus characters of the longer argument.
    // The two maps differ in length in this listing and the accented letters are multi-byte in UTF-8,
    // so confirm the file encoding and the intended mapping.
    $_GET[$variable]=strtolower($_GET[$variable]);
    $_GET[$variable] = strtr($_GET[$variable], "ñáéíóú%'", "naeiou ");
}

// Same normalisation for every $_POST value.
foreach( $_POST as $variable => $valor ) {
    $_POST[$variable]=strtolower($_POST[$variable]);
    $_POST[$variable] = strtr($_POST[$variable], "ñáéíóú%'", "naeiou ");
}

// Deny-list of markers and SQL keywords, split into entries on newline characters.
// NOTE(review): in this listing the literal sits on one line, so the original entries cannot be told apart;
// it presumably held one entry per line - confirm against the file.
// NOTE(review): keyword filtering of this kind is not a dependable defence against SQL injection or script
// injection, and it also rejects legitimate text. Bound parameters (mysqli_prepare / mysqli_stmt_bind_param)
// and encoding at output time are the controls to rely on.
$proh="< %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \x3c \x3C \u003c \u003C ' -- /* */ select insert update delete drop order by -shutdown";
$iny=explode("\n",$proh);

// Concatenate every request value into one string for the deny-list scan.
// NOTE(review): $parametros is not initialised in the visible code - confirm it is set earlier.
foreach( $_GET as $variable => $valor ) $parametros .= $_GET[$variable];
foreach( $_POST as $variable => $valor ) $parametros .= $_POST[$variable];

// NOTE(review): text is missing from the next statement in this listing (the loop condition and the start of
// the echoed string are gone, presumably stripped markup), so it is kept exactly as found. What remains shows
// a JavaScript alert about invalid characters that includes $iny[$i], a history.go(-1) call and exit().
for ($i=0;$i alert('Existen carácteres no válidos en los datos ingresados, por favor verifique correctamente los datos y elimine los carácteres extraños. $iny[$i]'); history.go(-1) "; exit(); } }

// Second check, on the raw query string: flag a single quote or the word select.
$errorsql=0;
//echo $_SERVER["QUERY_STRING"];
// NOTE(review): stripos() returns 0 for a match at the very start and false for no match, so the >0
// comparison treats both the same; !== false is the usual test.
if (stripos($_SERVER["QUERY_STRING"],"'")>0 ) $errorsql=1;
if (stripos($_SERVER["QUERY_STRING"],"select")>0 ) $errorsql=1;
// On a hit: echo (empty in this listing - its content may have been stripped) and stop the request.
if ($errorsql==1) { echo ""; exit(); }

// One-time setup: runs only while $mysql is not "ok". $mysql is set to "ok" at the bottom of this file,
// presumably so that a repeated include skips the connection and the function declarations - confirm.
if ($mysql!="ok") {
    // NOTE(review): database credentials are embedded in the source. Anyone who can read this file, or a page
    // that serves it as text, obtains them. Keep them in configuration outside the web root and rotate any
    // password that has been exposed.
    $servername = "localhost";
    $username = "superhos_user";
    $password = "BxUxE9H-f19j";
    $database = "superhos_superhosting.cl"; // Use the original name

    // Create the connection using mysqli
    $conn = mysqli_connect($servername, $username, $password, $database);

    // Check the connection
    // NOTE(review): die() sends the mysqli error text to the client; log it server-side and show a generic
    // message instead.
    if (!$conn) {
        die("Error de conexión: " . mysqli_connect_error());
    }

    // Set the character set
    mysqli_set_charset($conn, "utf8mb4");

    // NOTE(review): this repeats the check above and cannot fire, since a failed connection already ended
    // the script.
    if (!$conn) {
        die("Error de conexión con mysqli: " . mysqli_connect_error());
    }

    // Probe query; $rs is not used again in the visible code.
    $sql = "SELECT NOW()";
    $result = mysqli_query($conn, $sql);

    // Check whether the query succeeded
    if ($result) {
        $rs = mysqli_fetch_array($result);
        //echo $rs[0]; // Prints the current date and time
    } else {
        // NOTE(review): the database error text is echoed to the client here as well.
        echo "Error en la consulta: " . mysqli_error($conn);
    }

    // Rewrite every $_GET value in place: string cast, SQL escaping, then HTML encoding.
    // NOTE(review): only $_GET and $_POST are rewritten; $_COOKIE, $_REQUEST and $_SERVER are not touched by
    // the visible code.
    // NOTE(review): escaping at input time ties each value to two output contexts at once.
    // mysqli_real_escape_string() only protects values placed inside quoted SQL string literals, and the HTML
    // entities end up in whatever is stored. Prefer bound parameters per query and htmlspecialchars() at the
    // point of output.
    foreach ($_GET as $variable => $valor) {
        $_GET[$variable] = sprintf('%s', $valor); // Use sprintf to format
        $_GET[$variable] = addcslashes(mysqli_real_escape_string($conn, $_GET[$variable]), '%'); // Escape special characters
        // If needed, you can use htmlspecialchars() instead of ENT_QUOTES
        $_GET[$variable] = htmlspecialchars($_GET[$variable], ENT_QUOTES, 'UTF-8');
    }

    // Process $_POST with mysqli_real_escape_string (same steps as the $_GET loop above)
    foreach ($_POST as $variable => $valor) {
        $_POST[$variable] = sprintf('%s', $valor); // Use sprintf to format
        $_POST[$variable] = addcslashes(mysqli_real_escape_string($conn, $_POST[$variable]), '%'); // Escape special characters
        // If needed, you can use htmlspecialchars() instead of ENT_QUOTES
        $_POST[$variable] = htmlspecialchars($_POST[$variable], ENT_QUOTES, 'UTF-8');
    }

    /**
     * Format a number with no decimals and "." as the thousands separator.
     *
     * @param mixed $v value handed to number_format()
     * @return string
     */
    function miles($v) {
        return number_format($v,0,'.','.');
    }

    /**
     * Build a slug-style file name from a text or URL fragment and append ".html".
     *
     * Lower-cases, trims and strips tags, turns spaces and several punctuation marks into "-",
     * removes double quotes and question marks, replaces ñ/á/é/í/ó/ú with plain letters and
     * drops one trailing "/".
     *
     * NOTE(review): other characters (for example "/", "." and "\") pass through unchanged; if the
     * result is ever used as a filesystem path, validate it separately.
     *
     * @param string $url
     * @return string
     */
    function limpiar_url($url) {
        $url=strtolower($url);
        $url=trim($url);
        $url=strip_tags($url);
        $url=str_replace(" ","-",$url);
        $url=str_replace("\"","",$url);
        $url=str_replace("_","-",$url);
        //$url=str_replace(",","_",$url);
        $url=str_replace("?","",$url);
        $url=str_replace("¿","",$url);
        // No effect at this point: every underscore was already turned into "-" above.
        $url=str_replace("__","_",$url);
        // These three introduce "_" again; the next replacement converts them to "-".
        $url=str_replace(":","_",$url);
        $url=str_replace("%","_",$url);
        $url=str_replace("*","_",$url);
        $url=str_replace("_","-",$url);
        $url=str_replace("ñ","n",$url);
        // Single pass: collapses each "--" pair once, so longer runs of "-" can remain.
        $url=str_replace("--","-",$url);
        $url=str_replace("á","a",$url);
        $url=str_replace("é","e",$url);
        $url=str_replace("í","i",$url);
        $url=str_replace("ó","o",$url);
        $url=str_replace("ú","u",$url);
        // Repeats the lower-casing done at the top.
        $url=strtolower($url);
        // Drop one trailing slash before adding the extension.
        if (substr($url,strlen($url)-1,1)=="/") $url=substr($url,0,strlen($url)-1);
        return $url.".html";
    }
}

// Values set for the rest of the request; $mysql="ok" is what the guard above tests.
$valor_dominio=19900;
$conn_visita="";
$mysql="ok";
// NOTE(review): the text after the closing tag is outside PHP and would be sent to the client verbatim;
// it may be an artifact of how this listing was captured.
?>Error de conexión: