我将旧的PHP脚本移到了mysqli查询中,我在注册验证码中遇到mysqli_real_escape_string问题。
PHP消息:PHP注意:未定义的变量:链接 第38行/srv/www/public_html/classes/validation.class.php
PHP消息:PHP警告:mysqli_real_escape_string()期望 参数1为mysqli,null为 第38和34行的/srv/www/public_html/classes/validation.class.php;而 从上游读取响应头
validation.class.php如下;
<?php
defined('_VALID') or die('Restricted Access!');
class VValidation
{
public function username($username)
{
if (!preg_match('/^[a-zA-Z0-9_]*$/', $username)) {
return false;
} elseif (preg_match('/^[_]*$/', $username)) {
return false;
}
$users_blocked = array(
'edit',
'prefs',
'blocks',
'delete',
'avatar'
);
if (in_array($username, $users_blocked)) {
return false;
}
return true;
}
public function usernameExists($username) {
global $conn;
$sql = "SELECT UID FROM signup WHERE username = '" . mysqli_real_escape_string($username) . "' LIMIT 1";
$conn->execute($sql);
return $conn->Affected_Rows();
}
public function email($email)
{
// First, we check that there's one @ symbol, and that the lengths are right
if (!preg_match("/^[^@]{1,64}@[^@]{1,255}$/", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!preg_match("/^(([A-Za-z0-9!#$%&'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&'*+\/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$/", $local_array[$i])) {
return false;
}
}
if (!preg_match("/^\[?[0-9\.]+\]?$/", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!preg_match("/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/", $domain_array[$i])) {
return false;
}
}
}
return true;
}
public function emailExists($email, $uid = NULL) {
global $conn;
$sql_add = (isset($uid)) ? " AND UID != " . intval($uid) : NULL;
$sql = "SELECT UID FROM signup WHERE email = '" . mysql_real_escape_string($email) . "'" . $sql_add . " LIMIT 1";
$conn->execute($sql);
return $conn->Affected_Rows();
}
public function date($month, $day, $year) {
return checkdate($month, $day, $year);
}
public function age($month, $day, $year, $years)
{
$age = mktime(0, 0, 0, $month, $day, $year);
$real_age = mktime(0, 0, 0, date('m'), date('d'), (date('Y') - $years));
if ($age <= $real_age) {
return true;
}
return false;
}
public function zip($code, $country = 'US') {
if (!ctype_digit($code)) {
return false;
}
$length = VString::strlen($code);
switch ($country) {
case 'UK':
case 'CA':
if ($length <> 6) {
return true;
}
default:
if ($length >= 5 && $lenght <= 9) {
return true;
}
}
return false;
}
public function ip($ip)
{
if (!ip2long($ip)) {
return false;
}
}
}
?>
我错误地(?)假设我可以包含我的配置以获取数据库详细信息;
<?php
defined('_VALID') or die('Restricted Access!');
require_once $config['BASE_DIR']. '/include/config.php';
和$ link mysqli_real_escape_string
$sql = "SELECT UID FROM signup WHERE username = '" .mysqli_real_escape_string($link, $username). "' LIMIT 1";
但是这提供了上述错误。 config.php的include包含其他配置的包含以将它们组合在一起。
<?php
defined('_VALID') or die('Restricted Access!');
require 'config.db.php';
require $config['BASE_DIR']. '/include/dbconn.php';
$link = mysqli_connect($config['db_host'], $config['db_user'], $config['db_pass'], $config['db_name']);
$config['db_pass'], $config['db_name']);
if ( !defined('_CONSOLE') ) {
require $config['BASE_DIR']. '/include/sessions.php';
}
disableRegisterGlobals();
... more unreleated functions
config.db.php
<?php
defined('_VALID') or die('Restricted Access!');
$config['db_type'] = 'mysqli';
$config['db_host'] = 'localhost';
$config['db_user'] = 'user1';
$config['db_pass'] = 'abc123';
$config['db_name'] = 'newdatabase';
?>
db.conn.php
<?php
defined('_VALID') or die('Restricted Access!');
$conn = ADONewConnection($config['db_type']);
if ( !$conn->Connect($config['db_host'], $config['db_user'], $config['db_pass'], $config['db_name']) ) {
echo 'Could not connect to mysql! Please check your database settings!';
die();
}
$conn->execute("SET NAMES 'utf8'");
?>
我是以正确的方式来做这件事的吗?感谢您的任何信息。
答案 0 :(得分:1)
public function usernameExists($username )
{
global $conn, $config;
$link = mysqli_connect($config['db_host'], $config['db_user'], $config['db_pass'], $config['db_name']);
$sql="SELECT UID FROM signup WHERE username = '" .mysqli_real_escape_string($link, $username). "' LIMIT 1";
$conn->execute($sql);
return $conn->Affected_Rows();
}