我一直在尝试将一些mysql转换为mysqli。我是两个新手,但我已经对mysqli文档进行了大量阅读,并且在转换它们时我或多或少都成功了。
在这个项目中,当我尝试转换它们时,我遇到了很多问题。例如,我有一个完美的mysql_real_escape_string,直到我尝试转换它。根据我写的文件
mysqli->real_escape_string($var);
我收到错误说Parse错误:语法错误,意外' - >' (T_OBJECT_OPERATOR)。 然后将其切换为mysqli程序样式并像这样编写
mysqli_real_escape_string($link, $var); //I also changed my $db connect to procedural
那也失败了。
我一直在查看文档,但我没有看到任何错误。我错过了一些明显的东西吗?
这是整个代码。
signup.php
<?php // Example 21-5: signup.php
include_once 'header.php';
include 'functions.php';
echo <<<_END
<script>
function checkUser(user)
{
if (user.value == '')
{
O('info').innerHTML = ''
return
}
params = "user=" + user.value
request = new ajaxRequest()
request.open("POST", "checkuser.php", true)
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
request.setRequestHeader("Content-length", params.length)
request.setRequestHeader("Connection", "close")
request.onreadystatechange = function()
{
if (this.readyState == 4)
if (this.status == 200)
if (this.responseText != null)
O('info').innerHTML = this.responseText
}
request.send(params)
}
function ajaxRequest()
{
try { var request = new XMLHttpRequest() }
catch(e1) {
try { request = new ActiveXObject("Msxml2.XMLHTTP") }
catch(e2) {
try { request = new ActiveXObject("Microsoft.XMLHTTP") }
catch(e3) {
request = false
} } }
return request
}
</script>
<div class='main'><h3>Please enter your details to sign up</h3>
_END;
$error = $user = $pass = "";
if (isset($_SESSION['user'])) destroySession();
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "")
$error = "Not all fields were entered<br /><br />";
else
{
if (mysql_num_rows(queryMysql("SELECT * FROM members
WHERE user='$user'")))
$error = "That username already exists<br /><br />";
else
{
queryMysql("INSERT INTO members VALUES('$user', '$pass')");
die("<h4>Account created</h4>Please Log in.<br /><br />");
}
}
}
echo <<<_END
<form method='post' action='signup.php'>$error
<span class='fieldname'>Username</span>
<input type='text' maxlength='16' name='user' value='$user'
onBlur='checkUser(this)'/><span id='info'></span><br />
<span class='fieldname'>Password</span>
<input type='text' maxlength='16' name='pass'
value='$pass' /><br />
_END;
?>
<span class='fieldname'> </span>
<input type='submit' value='Sign up' />
</form></div><br /></body></html>
这里是functions.php
<?php //functions.php
$dbhost = 'localhost';
$dbname = 'database';
$dbuser = 'user';
$dbpass = 'password';
$db = new mysqli($dbhost, $dbuser, $dbpass, $dbpass);
// error check
if($db->connect_errno > 0){
// report an error
die('Unable to connect to database [' . $db->connect_error . ']');
}
function createTable($name, $query)
{
queryMysql("CREATE TABLE IF NOT EXISTS $name($query)");
echo "Table '$name' created or already exists.<br />";
}
function queryMysql($query)
{
$result = mysql_query($query) or die(mysql_error());
return $result;
}
function destroySession()
{
$_SESSION=array();
if (session_id() != "" || isset($_COOKIE[session_name()]))
setcookie(session_name(), '', time()-2592000, '/');
session_destroy();
}
function sanitizeString($var)
{
$var = strip_tags($var);
$var = htmlentities($var);
$var = stripslashes($var);
return mysqli->real_escape_string($var);
}
function showProfile($user)
{
if (file_exists("$user.jpg"))
echo "<img src='$user.jpg' align='left' />";
$result = queryMysql("SELECT * FROM profiles WHERE user='$user'");
if (mysql_num_rows($result))
{
$row = mysql_fetch_row($result);
echo stripslashes($row[1]) . "<br clear=left /><br />";
}
}
?>
答案 0 :(得分:3)
您在变量名前缺少$:
return mysqli->real_escape_string($var);
^^^^^
HERE
但这并不重要,因为$mysqli无论如何都没有被定义。你可能意味着:
return mysqli_real_escape_string($var);
但由于您错过了MySQLi资源ID,因此无法正常工作。您需要将其作为参数添加到函数中,并在调用它时传递它:
$user = sanitizeString($_POST['user'], $db);
$pass = sanitizeString($_POST['pass'], $db);
function sanitizeString($var, $db)
{
$var = strip_tags($var);
$var = htmlentities($var);
$var = stripslashes($var);
return mysqli_real_escape_string($db, $var);
}