未定义变量:mysqli_real_escape_string()期望参数1为mysqli,null给定

时间:2015-12-27 14:29:14

标签: php mysql mysqli

我将旧的PHP脚本移到了mysqli查询中,我在注册验证码中遇到mysqli_real_escape_string问题。

  

PHP消息:PHP注意:未定义的变量:链接   第38行/srv/www/public_html/classes/validation.class.php

     

PHP消息:PHP警告:mysqli_real_escape_string()期望   参数1为mysqli,null为   第38和34行的/srv/www/public_html/classes/validation.class.php;而   从上游读取响应头

validation.class.php如下;

<?php
defined('_VALID') or die('Restricted Access!');
class VValidation
{
public function username($username)
  {
    if (!preg_match('/^[a-zA-Z0-9_]*$/', $username)) {
        return false;
    } elseif (preg_match('/^[_]*$/', $username)) {
        return false;
    }

    $users_blocked = array(
        'edit',
        'prefs',
        'blocks',
        'delete',
        'avatar'
    );
    if (in_array($username, $users_blocked)) {
        return false;
       }
    return true;
    }

    public function usernameExists($username) {
      global $conn;
      $sql = "SELECT UID FROM signup WHERE username = '" .   mysqli_real_escape_string($username) . "' LIMIT 1";
      $conn->execute($sql);
     return $conn->Affected_Rows();
    }

  public function email($email)
   {
    // First, we check that there's one @ symbol, and that the lengths are    right
    if (!preg_match("/^[^@]{1,64}@[^@]{1,255}$/", $email)) {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
        if (!preg_match("/^(([A-Za-z0-9!#$%&'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&'*+\/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$/", $local_array[$i])) {
            return false;
        }
    }
    if (!preg_match("/^\[?[0-9\.]+\]?$/", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!preg_match("/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/", $domain_array[$i])) {
                return false;
            }
        }
    }

    return true;
}

public function emailExists($email, $uid = NULL) {
 global $conn;
 $sql_add = (isset($uid)) ? " AND UID != " . intval($uid) : NULL;
 $sql     = "SELECT UID FROM signup WHERE email = '" . mysql_real_escape_string($email) . "'" . $sql_add . " LIMIT 1";
 $conn->execute($sql);
 return $conn->Affected_Rows();
}

   public function date($month, $day, $year) {
    return checkdate($month, $day, $year);
   }

public function age($month, $day, $year, $years)
{
    $age      = mktime(0, 0, 0, $month, $day, $year);
    $real_age = mktime(0, 0, 0, date('m'), date('d'), (date('Y') - $years));
    if ($age <= $real_age) {
        return true;
  }

 return false;
 }

public function zip($code, $country = 'US') {
    if (!ctype_digit($code)) {
        return false;
    }

    $length = VString::strlen($code);
    switch ($country) {
        case 'UK':
        case 'CA':
            if ($length <> 6) {
                return true;
            }
        default:
            if ($length >= 5 && $lenght <= 9) {
                return true;
            }
         }
   return false;
}

public function ip($ip)
{
    if (!ip2long($ip)) {
        return false;
    }
  }
}
?>

我错误地(?)假设我可以包含我的配置以获取数据库详细信息;

<?php
defined('_VALID') or die('Restricted Access!');
require_once $config['BASE_DIR']. '/include/config.php';

和$ link mysqli_real_escape_string

$sql    = "SELECT UID FROM signup WHERE username = '" .mysqli_real_escape_string($link, $username). "' LIMIT 1"; 

但是这提供了上述错误。 config.php的include包含其他配置的包含以将它们组合在一起。

    <?php
defined('_VALID') or die('Restricted Access!');

require 'config.db.php';
require $config['BASE_DIR']. '/include/dbconn.php';

$link = mysqli_connect($config['db_host'], $config['db_user'], $config['db_pass'], $config['db_name']);

$config['db_pass'], $config['db_name']);
if ( !defined('_CONSOLE') ) {
    require $config['BASE_DIR']. '/include/sessions.php';
}

disableRegisterGlobals();

... more unreleated functions

config.db.php

    <?php
defined('_VALID') or die('Restricted Access!');
$config['db_type'] = 'mysqli';
$config['db_host'] = 'localhost';
$config['db_user'] = 'user1';
$config['db_pass'] = 'abc123';
$config['db_name'] = 'newdatabase';
?>

db.conn.php

    <?php
defined('_VALID') or die('Restricted Access!');
$conn = ADONewConnection($config['db_type']);
if ( !$conn->Connect($config['db_host'], $config['db_user'], $config['db_pass'], $config['db_name']) ) {
echo 'Could not connect to mysql! Please check your database settings!';
   die();
  }
 $conn->execute("SET NAMES 'utf8'");
?>

我是以正确的方式来做这件事的吗?感谢您的任何信息。

1 个答案:

答案 0 :(得分:1)

 public function usernameExists($username )
{
    global $conn, $config;
    $link = mysqli_connect($config['db_host'], $config['db_user'], $config['db_pass'], $config['db_name']);
    $sql="SELECT UID FROM signup WHERE username = '" .mysqli_real_escape_string($link, $username). "' LIMIT 1";
    $conn->execute($sql);
    return $conn->Affected_Rows();
}