故障排除PHP/SQL登录脚本
问题描述:
所以,当我运行这个登录脚本,我得到以下错误:故障排除PHP/SQL登录脚本
PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in (...) on line 116.
我打电话数据库的脚本的顶部,而不是从得到任何错误梨...的print_r($ DB)返回一个对象...
代码如下:
<?php
function &db_connect() {
require_once 'DB.php';
PEAR::setErrorHandling(PEAR_ERROR_DIE);
$db_host = 'internal-db.xxxxx.gridserver.com';
$db_user = 'xxxxx';
$db_pass = 'xxxx';
$db_name = 'xxxxx_wedding2';
$dsn = "mysqli://$db_user:[email protected]$db_host/$db_name";
$db = DB::connect($dsn);
$db->setFetchMode(DB_FETCHMODE_OBJECT);
return $db;
}
$db = &db_connect();
if (DB::isError ($db))
die ("Cannot connect: " . $db->getMessage() . "\n");
if (!isset($_SESSION['uid'])) {
session_defaults();
}
function session_defaults() {
$_SESSION['logged'] = false;
$_SESSION['uid'] = 0;
$_SESSION['username'] = '';
$_SESSION['cookie'] = 0;
$_SESSION['remember'] = false;
}
class User {
var $db = null; //PEAR::DB pointer
var $failed = false; //failed login
var $date; //current date
var $id = 0; //current users id
function User(&$db) { //is this the constructor?
$this->db = $db;
$this->date = $GLOBALS['date'];
$this->role = $_SESSION['role'];
if ($_SESSION['logged']) {
$this->_check_Session();
} elseif (!isset($_COOKIE['myLogin'])) {
$this->_checkRemembered($_COOKIE['myLogin']);
}
}
function _checkLogin($username, $password, $remember) {
$username = $this->db->quote($username); //uses PEAR::DB->quote method to sanitize input
$password = $this->db->quote(md5($password)); // " "
$sql = "SELECT * FROM guest WHERE (username = $username) AND (password = $password)";
$result = $this->db->getRow($sql);
if (is_object($result)) {
$this->_setSession($result, $remember);
return true;
} else {
$this->failed = true;
$this->_logout();
print "Sorry, you have entered an invalid username or password!";
return false;
}
}
function _checkRemembered($cookie) {
list($username, $cookie) = unserialize($cookie);
if (!$username or !$cookie) return;
$username = $this->db->quote($username);
$cookie = $this->db->quote($cookie);
$sql = "SELECT * FROM member WHERE (username = $username) AND (cookie = $cookie)";
$result = $this->db->getRow($sql);
if (is_object($result)) {
$this->_setSession($result, true);
}
}
function _setSession(&$values, $remember, $init = true) {
$this->id = $values->id;
$_SESSION['uid'] = $this->id;
$_SESSION['username'] = htmlspecialchars($values->username);
$_SESSION['cookie'] = $values->cookie;
$_SESSION['logged'] = true;
$_SESSION['role'] = $values->role;
if ($remember) {
$this->updateCookie($values->cookie, true);
}
/* if ($init) {
$session = $this->db->quote($_SERVER['REMOTE_ADDR']);
$sql = "UPDATE guest SET session = $session, ip = $ip WHERE id = $this->id";
$this->db->query($sql);
}*/
}
function updateCookie($cookie, $save) {
$_SESSION['cookie'] = $cookie;
if ($save) {
$cookie = serialize(array($_SESSION['username'], $cookie));
set_cookie;}
}
}
function _logout() {
session_defaults();
}
$date = time();
$user = new User($db);
$myusername = mysql_real_escape_string(stripslashes($_POST['myusername']));
$mypassword = mysql_real_escape_string(stripslashes($_POST['mypassword']));
$status = $user->_checkLogin;
print_r($status);
任何思考什么,我在这里失踪?有没有更好的方法来解决我的数据库连接?
在此先感谢。
答
请阅读mysql_real_escape_string()
文件。你应该提供与mysql连接的链接作为第二个参数。
更新:如果您想将用户数据存储到数据库,那么为什么不使用PEAR :: DB中的prepare()
?它有效地保护你免受SQL注入。
嗯..但文档说mysql_real_escape_string()(资源)中的第二个参数应该默认使用最后一个使用的资源,我希望能够工作。你如何从DB对象获取资源? – starsinmypockets 2011-05-14 21:23:28
@starsinmypockets我不知道如何从DB对象获得原始的mysql连接,所以可能试着摆脱'mysql_real_escape_string()'并使用'prepare()'? – 2011-05-14 21:41:01
是的,摆脱mysql_real_escape_string()是否谢谢! – starsinmypockets 2011-05-14 21:44:28