I have a question about the function GetSQLValueString, which is supposed to turn a value into a correctly quoted SQL literal. This is the function as generated:
<?php
if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        if (PHP_VERSION < 6) {
            // undo magic_quotes_gpc so the value is not escaped twice
            $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        }
        // $connSQL is never assigned inside this function; it is only visible
        // at file scope, so PHP reports "Undefined variable: connSQL" here
        $theValue = function_exists("mysqli_real_escape_string") ?
            mysqli_real_escape_string($connSQL, $theValue) :
            mysqli_escape_string($connSQL, $theValue);
        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}
That is not a big problem by itself, although it is a bit hard to follow. When this code is embedded in index.php, however, a problem appears:
Notice: Undefined variable: connSQL
My index.php:
<?php require_once('Connections/connSQL.php'); ?>
<?php
// The session must be started before $_SESSION['MM_Username'] is read below;
// the original only started it later, in the login-validation block.
if (!isset($_SESSION)) {
    session_start();
}
if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        if (PHP_VERSION < 6) {
            $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        }
        // $connSQL is created at file scope by Connections/connSQL.php and is
        // not visible inside this function, which is what triggers the notice
        // "Undefined variable: connSQL" (escaping then runs with no connection)
        $theValue = function_exists("mysqli_real_escape_string") ?
            mysqli_real_escape_string($connSQL, $theValue) :
            mysqli_escape_string($connSQL, $theValue);
        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}
$colname_RecUser = "-1";
if (isset($_SESSION['MM_Username'])) {
    $colname_RecUser = $_SESSION['MM_Username'];
}
mysqli_select_db($connSQL, $database_connSQL);
$query_RecUser = sprintf("SELECT * FROM memberdata WHERE m_username = %s", GetSQLValueString($colname_RecUser, "text"));
// mysqli_error() requires the connection as its argument
$RecUser = mysqli_query($connSQL, $query_RecUser) or die(mysqli_error($connSQL));
$row_RecUser = mysqli_fetch_assoc($RecUser);
$totalRows_RecUser = mysqli_num_rows($RecUser);
?>
<?php
// *** Validate request to login to this site.
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['m_username'])) {
    $loginUsername = $_POST['m_username'];
    $password = md5($_POST['m_password']);
    $MM_fldUserAuthorization = "m_level";
    $MM_redirectLoginSuccess = "membercenter.php";
    $MM_redirectLoginFailed = "index.php?errMsg=1";
    $MM_redirecttoReferrer = false;
    mysqli_select_db($connSQL, $database_connSQL);
    $LoginRS__query = sprintf("SELECT m_username, m_passwd, m_level FROM memberdata WHERE m_username=%s AND m_passwd=%s",
        GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysqli_query($connSQL, $LoginRS__query) or die(mysqli_error($connSQL));
    $loginFoundUser = mysqli_num_rows($LoginRS);
    if ($loginFoundUser) {
        // mysql_result() belongs to the old mysql extension and does not
        // accept a mysqli result; read the row with mysqli instead
        $loginRow = mysqli_fetch_assoc($LoginRS);
        $loginStrGroup = $loginRow['m_level'];
        if (PHP_VERSION >= 5.1) { session_regenerate_id(true); } else { session_regenerate_id(); }
        // declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;
        if (isset($_SESSION['PrevUrl']) && false) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess);
        exit; // without exit the rest of the page would still be rendered after the redirect header
    } else {
        header("Location: " . $MM_redirectLoginFailed);
        exit;
    }
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>會員管理系統 - 首頁</title>
</head>
<body>
<form name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
<table width="250" border="1" align="center">
<tr valign="top"><td align="center">
<p>會員管理系統</p>
<p>帳號:<br>
<input name="m_username" type="text" >
</p>
<p>密碼:<br>
<input name="m_password" type="password">
</p>
<p align="center">
<input type="submit" name="login" value="登入">
</p>
<p><a href="memberjoin.php">馬上申請會員</a></p>
</td></tr>
</table>
</form>
<form name="form2" method="POST">
<?php /*start input_input script*/ if (isset($errMsg) && ($_GET['errMsg'] == 1)){ echo $errMsg; ?>
<table width="250" border="0" align="center">
<tr class="head2">
<tr align="center">
<td>錯誤訊息</td>
</tr>
<tr>
<td align="center">帳號、密碼錯誤,<br>
請重新登入!</td>
</tr>
</table>
<?php } /*end input_input script*/ ?>
</form>
<form name="form3" method="POST">
<?php /*start input_input script*/ if (isset($errMsg) && ($_GET['errMsg'] == 1)){ echo $errMsg; ?>
<table width="250" border="0" align="center">
<tr>
<td align="center"><table width="250" border="0" align="center">
<tr class="head2">
<tr align="center">
<td>錯誤訊息</td>
</tr>
<tr>
<td align="center">請您先登入會員,<br>
或是您的權限不足!</td>
</tr>
</table></td>
</tr>
</table>
<?php } /*end input_input script*/ ?>
</form>
</body>
</html>
<?php
mysqli_free_result($RecUser);
?>
I cannot understand where $connSQL comes from. I can find explanations for everything else, but not for mysqli_real_escape_string().
Please help me solve these problems, thank you.
Answer 0 (score: 1)
You get $connSQL from connSQL.php, but it is a global variable, so just add:
global $connSQL;
inside your "if" statement so that the function can pick up your variable.
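The answer above fixes the scope problem with a `global` declaration. As an added example (this is not the asker's code, the answer's code, or the Dreamweaver-generated helper), here is the alternative a reviewer would usually prefer: the same helper with the connection passed in as a parameter, so it works wherever it is defined, together with the login query from index.php rewritten as a prepared statement so user input is never spliced into the SQL text at all. It assumes a mysqli connection `$connSQL` created by Connections/connSQL.php and the `memberdata(m_username, m_passwd, m_level)` table from the question; the function names `getSqlValueString` and `findUserLevel` are my own.

```php
<?php
// Added example, not part of the original question or answer.
// Assumes: $connSQL is a mysqli connection (from Connections/connSQL.php)
// and a table memberdata(m_username, m_passwd, m_level) as in the question.

/**
 * Same contract as GetSQLValueString, but the connection is an explicit
 * parameter instead of a global, so there is no "Undefined variable" notice
 * and no dependency on where the function happens to be defined.
 * Returns a string ready to be substituted into SQL with sprintf("%s").
 */
function getSqlValueString(mysqli $conn, $theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // magic_quotes_gpc no longer exists (removed in PHP 8), so no stripslashes() step.
    // mysqli_real_escape_string() escapes according to the connection charset,
    // so mysqli_set_charset() must have been called on $conn (e.g. "utf8mb4").
    $escaped = mysqli_real_escape_string($conn, (string) $theValue);

    switch ($theType) {
        case "text":
        case "date":
            return ($escaped !== "") ? "'" . $escaped . "'" : "NULL";
        case "long":
        case "int":
            return ($escaped !== "") ? (string) intval($escaped) : "NULL";
        case "double":
            return ($escaped !== "") ? (string) floatval($escaped) : "NULL";
        case "defined":
            return ($escaped !== "") ? $theDefinedValue : $theNotDefinedValue;
        default:
            // the original silently returned the bare escaped value here;
            // failing loudly avoids emitting an unquoted value into SQL
            throw new InvalidArgumentException("unknown type: " . $theType);
    }
}

/**
 * The login lookup from index.php as a prepared statement: the username and
 * password hash are bound as parameters, so no escaping is needed and the
 * query text cannot be altered by the input.
 * Returns the m_level of the matching row, or null when no row matched.
 */
function findUserLevel(mysqli $conn, string $username, string $passwordHash): ?string
{
    $stmt = $conn->prepare(
        "SELECT m_level FROM memberdata WHERE m_username = ? AND m_passwd = ?"
    );
    $stmt->bind_param("ss", $username, $passwordHash);
    $stmt->execute();
    $stmt->bind_result($level);
    $found = $stmt->fetch();   // true when a row was read, null when none
    $stmt->close();
    return $found ? (string) $level : null;
}

// Usage with the escaping helper (replaces the RecUser query):
// $query_RecUser = sprintf("SELECT * FROM memberdata WHERE m_username = %s",
//     getSqlValueString($connSQL, $_SESSION['MM_Username'] ?? "-1", "text"));
//
// Usage with the prepared statement (replaces the LoginRS query):
// $level = findUserLevel($connSQL, $_POST['m_username'], md5($_POST['m_password']));
// if ($level !== null) { /* login succeeded, $level is m_level */ }
```

Two notes on the design. The escaping helper is kept only because the rest of the generated page calls it through `sprintf`; for new queries, `findUserLevel` shows the prepared-statement form, which needs neither the helper nor a correctly configured connection charset to be safe. The `md5()` call in the usage comment matches what the page's `m_passwd` column currently stores; it is there so the example runs against the existing table, not as a recommendation for how to hash passwords.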