
mysqli_real_escape_string() can't find my $connSQL

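I have a problem with this function, GetSQLValueString, which the software uses to process SQL string values into the correct format. The function is generated as the following code: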

    <?php
    if (!function_exists("GetSQLValueString")) {
        function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
        {
            if (PHP_VERSION < 6) {
                $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
            }

            $theValue = function_exists("mysqli_real_escape_string") ?
                mysqli_real_escape_string($connSQL, $theValue) :
                mysqli_escape_string($connSQL, $theValue);

            switch ($theType) {
                case "text":
                    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                    break;
                case "long":
                case "int":
                    $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                    break;
                case "double":
                    $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                    break;
                case "date":
                    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                    break;
                case "defined":
                    $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                    break;
            }
            return $theValue;
        }
    }

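Although it is a bit hard to understand, that is not a big problem.

When this code is embedded in index.php, some problems appear:

Notice: Undefined variable: connSQL

My index.php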

  <?php require_once('Connections/connSQL.php'); ?>
  <?php
        if (!function_exists("GetSQLValueString")) 
        {
        function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
        {
         if (PHP_VERSION < 6) 
        {
         $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
         }

         $theValue = function_exists("mysqli_real_escape_string") ? mysqli_real_escape_string($connSQL, $theValue) : mysqli_escape_string($connSQL, $theValue);

          switch ($theType) {
           case "text":
         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;    
           case "long":
           case "int":
         $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
           case "double":
         $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
            break;
           case "date":
         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
           case "defined":
         $theValue = ($theValue != "") ? $theDefinedValue :  $theNotDefinedValue;
  break;
          }
           return $theValue;
          }
          }

              $colname_RecUser = "-1";
                  if (isset($_SESSION['MM_Username'])) {
              $colname_RecUser = $_SESSION['MM_Username'];
          }
            mysqli_select_db($connSQL, $database_connSQL);
              $query_RecUser = sprintf("SELECT * FROM memberdata WHERE m_username = %s", GetSQLValueString($colname_RecUser, "text"));
              $RecUser = mysqli_query($connSQL, $query_RecUser) or die(mysqli_error($connSQL));
              $row_RecUser = mysqli_fetch_assoc($RecUser);
              $totalRows_RecUser = mysqli_num_rows($RecUser);
          ?>
          <?php
           // *** Validate request to login to this site.
            if (!isset($_SESSION)) 
             {
              session_start();
             }
            $loginFormAction = $_SERVER['PHP_SELF'];
              if (isset($_GET['accesscheck'])) 
             {
            $_SESSION['PrevUrl'] = $_GET['accesscheck'];
             }

               if (isset($_POST['m_username'])) {
                  $loginUsername=$_POST['m_username'];
                  $password=md5($_POST['m_password']);
                  $MM_fldUserAuthorization = "m_level";
                  $MM_redirectLoginSuccess = "membercenter.php";
                  $MM_redirectLoginFailed = "index.php?errMsg=1";
                  $MM_redirecttoReferrer = false;
              mysqli_select_db($connSQL, $database_connSQL);

                  $LoginRS__query=sprintf("SELECT m_username, m_passwd, m_level FROM memberdata WHERE m_username=%s AND m_passwd=%s",
                     GetSQLValueString($loginUsername, "text"),GetSQLValueString($password, "text")); 
                  $LoginRS = mysqli_query($connSQL, $LoginRS__query) or die(mysqli_error($connSQL));
                  $loginFoundUser = mysqli_num_rows($LoginRS);
                 if ($loginFoundUser) 
              {

                  // mysql_result() belongs to the removed mysql extension; read the row with mysqli instead
                  $loginStrGroup  = mysqli_fetch_assoc($LoginRS)['m_level'];

                 if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
                  //declare two session variables and assign them
                  $_SESSION['MM_Username'] = $loginUsername;
                  $_SESSION['MM_UserGroup'] = $loginStrGroup;         

                 if (isset($_SESSION['PrevUrl']) && false) 
                  {
                    $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
                  } 
                    header("Location: " . $MM_redirectLoginSuccess );
                  }
                    else 
                  {
                    header("Location: ". $MM_redirectLoginFailed );
                  }
                  }
                ?>
            <html>
            <head>
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
            <title>會員管理系統 - 首頁</title>
            </head>
            <body>
            <form name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
               <table width="250" border="1" align="center">
               <tr valign="top"><td align="center">
               <p>會員管理系統</p>
               <p>帳號:<br>
               <input name="m_username" type="text" >
               </p>
               <p>密碼:<br>
               <input name="m_password" type="password">
               </p>
               <p align="center">
               <input type="submit" name="login" value="登入">
               </p>
               <p><a href="memberjoin.php">馬上申請會員</a></p>
                  </td></tr>
                  </table>
                     </form>
                     <form name="form2" method="POST">
           <?php /*start input_input script*/ if (isset($errMsg) && ($_GET['errMsg'] == 1)){ echo $errMsg; ?>
                  <table width="250" border="0" align="center">
                    <tr class="head2">    
                    <tr align="center">
                  <td>錯誤訊息</td>
                    </tr>
                    <tr>
                  <td align="center">帳號、密碼錯誤,<br>
                   請重新登入!</td>
                    </tr>
                  </table>
           <?php } /*end input_input script*/ ?>
         </form>
            <form name="form3" method="POST">
                <?php /*start input_input script*/ if (isset($errMsg) && ($_GET['errMsg'] == 1)){ echo $errMsg; ?>
                <table width="250" border="0" align="center">
                   <tr>
                      <td align="center"><table width="250" border="0" align="center">
                   <tr class="head2">
                   <tr align="center">
                  <td>錯誤訊息</td>
                 </tr>
               <tr>
                  <td align="center">請您先登入會員,<br>
                      或是您的權限不足!</td>
               </tr>
                  </table></td>
               </tr>
             </table>
             <?php } /*end input_input script*/ ?>
            </form>
            </body>
            </html>
             <?php
              mysqli_free_result($RecUser);
             ?>

I don't understand: the other calls can find $connSQL, except mysqli_real_escape_string().

Please help me solve these problems, thanks.

You are getting $connSQL from connSQL.php, but it is a global variable; just add:

global $connSQL;

inside the "if" statement, so that your variable can be picked up.
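Added example (not part of the original question or answer): a PHP function body has its own variable scope, so the file-scope `$connSQL` must be imported with `global` or passed in as an argument, and the lookup itself is safer as a prepared statement than as an escaped string. The function names `escapeBroken()`, `escapeWithGlobal()`, `escapeText()` and `findMember()` are hypothetical, `"alice"` is a constructed sample value, and `$connSQL` / `$database_connSQL` are assumed to be defined by `Connections/connSQL.php` as on the page.

```php
<?php
require_once('Connections/connSQL.php'); // from the page: defines $connSQL at file scope
mysqli_select_db($connSQL, $database_connSQL); // as in the page's index.php

// Broken, as in the question: a function body has its own variable scope,
// so $connSQL here is an undefined local, not the file-scope connection.
function escapeBroken($value)
{
    return mysqli_real_escape_string($connSQL, $value);
}

// Fix 1 (the answer's approach): import the file-scope variable.
function escapeWithGlobal($value)
{
    global $connSQL;
    return mysqli_real_escape_string($connSQL, $value);
}

// Fix 2: pass the connection in, so the function has no hidden dependency.
function escapeText(mysqli $conn, $value)
{
    return "'" . mysqli_real_escape_string($conn, $value) . "'";
}

// Prepared statement for the page's memberdata lookup: the value is bound
// separately from the SQL text, so no manual escaping or quoting is needed.
function findMember(mysqli $conn, $username)
{
    $stmt = mysqli_prepare(
        $conn,
        "SELECT m_username, m_level FROM memberdata WHERE m_username = ?"
    );
    if ($stmt === false) {
        throw new RuntimeException(mysqli_error($conn));
    }
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt); // needs the mysqlnd driver
    $row = mysqli_fetch_assoc($result);      // null when no row matches
    mysqli_stmt_close($stmt);
    return $row;
}

$member = findMember($connSQL, "alice"); // constructed sample username
var_dump($member);
```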
