所以我很担心这个。
我有一个标题,我可以登录到我的mysql服务器,所以我有相同的mysql初始化信息都包含在1个文件中,因此如果需要更新,可以轻松地对所有文件进行更新。
我还有另一个头,它使用mysql初始化头来检查附加到URL的查询字符串。它会查找用户名和密码信息并验证它是否在数据库中,如果它不在数据库中,则服务器会发送一个不同的页面,说明它们缺少有效的登录凭据并提供另一个页面。
的header.php
<?php
$host = "host";
$dbUsername = "user";
$dbPass= "pass";
$db = "user";
ini_set('display_errors', 'On');
$conn = new mysqli($host,$dbUsername,$dbPass,$db);
if($conn->connect_error) {
die("Connection to server failed!: " . $conn->connect_error);
}
if(empty($_POST) == false)
{
$username = $_POST['username'];
$password = $_POST['password'];
}
else if(empty($_GET) == false)
{
$username = $_GET['username'];
$password = $_GET['password'];
}
?>
<!-- Put this inside php tags in a form so posts get sent with the proper username and data
echo "<input type='hidden' name='username' value='" . $username . "'/>";
echo "<input type='hidden' name='password' value='" . $password . "'/>";
-->
invalidlogin.php
<?php
if(empty($conn) == true)
{
include("includes/header.php");
}
?>
<?php
$validlogin = false;
if(empty($username) == false && empty($password) == false)
{
if(!($stmt = $conn->prepare("SELECT id FROM user WHERE username=? AND password=?"))){
echo "Username check prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!($stmt->bind_param("ss",$username,$password))){
echo "Username check bind param failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Username check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($id))
{
echo "Username bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
$stmt->fetch();
if(empty($id) == false)
$validlogin = true;
}
if($validlogin == false)
{
?>
<html>
<head>
<title>Database Restaraunts</title>
<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="stylesheet.css" />
</head>
<body>
<div class="container">
<div class="jumbotron">
<a href="index.php">
<h3>Restaraunt Database Project</h3>
</a>
</div>
<div class="login_container">
<a href="index.php"><h3>Invalid Login Credential. Return to main page and login.</h3></a>
</div>
</div>
</body>
</html>
<?php
exit(0);
}
?>
这两个文件都将包含在我的其他页面的90%中。这两个页面一起工作。但是,当我在第三个文件中包含它们时它们都继续运行,但是header.php中的sql连接不再适用于它们都包含在第3个文件中。在第3个文件中遇到第一个查询时出错。
注意:尝试获取非对象的属性 第38行/nfs/stak/students/l/lewisch/public_html/select.php
注意:尝试获取非对象的属性 第38行的/nfs/stak/students/l/lewisch/public_html/select.php标签 准备失败:致命错误:调用成员函数execute()on /nfs/stak/students/l/lewisch/public_html/select.php中的非对象 第41行
事情就是当我进行转储时,我看不到$ conn超出范围,但这就是我所看到的行为。我是PHP的新手,所以我可能会误解一些东西。请注意,如果我删除了'invalidlogin.php',那么我的连接使用的查询就会正确执行。
select.php
<?php
include("includes/header.php");
include("includes/invalidlogin.php");
?>
<html>
<head>
<title>Database Restaraunts</title>
<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="stylesheet.css" />
</head>
<body>
<div class="container">
<div class="jumbotron">
<?php
echo "<a href='" . "select.php?username=" . $username . "&password=" . $password . "'>\n";
?>
<h3>Restaraunt Database Project</h3>
</a>
<div>
<?php
echo "<a href='" . "user.php?username=" . $username . "&password=" . $password . "'>\n";
echo "user account: " . $username;
?>
</a>
</div>
</div>
<div class="login_container">
<form class="login">
<h3>Restaraunt Information</h3>
<div class="subform">
<label class="form_label">Tags</label><br/>
<select name="tags" multiple>
<?php
//Line 38
if(!($stmt = $conn->prepare("SELECT id, description FROM tag"))){
echo "Tag prepare failed: " . $stmt->errno . " " . $stmt->error;
}
//Line 41
if(!$stmt->execute()){
echo "Tag check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($tid,$description))
{
echo "Tag bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
while($stmt->fetch())
{
echo "<option value='" . $tid . "'>" . $description . "</option><br/>\n";
}
?>
</select><br/>
<label>Name</label><br />
<input name="name" type="text" />
</div>
<div class="subform">
<label class="form_label">State</label><br />
<select name="state">
<option value=""></option>
<br />
<?php
if(!($stmt = $conn->prepare("SELECT DISTINCT state FROM location"))){
echo "Username check prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Username check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($state))
{
echo "Username bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
while($stmt->fetch())
{
echo "<option value='" . $state . "'>" . $state . "</option><br/>\n";
}
?>
</select><br />
<label class="form_label">City</label><br/>
<select name="city">
<option value=""></option>
<?php
if(!($stmt = $conn->prepare("SELECT DISTINCT city FROM location"))){
echo "Username check prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Username check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($city))
{
echo "Username bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
while($stmt->fetch())
{
echo "<option value='" . $city . "'>" . $city . "</option><br/>\n";
}
?>
</select><br />
<label class="form_label">Zipcode</label><br />
<select name="zip">
<option value=""></option>
<?php
if(!($stmt = $conn->prepare("SELECT DISTINCT zip FROM location WHERE zip is NOT NULL"))){
echo "Username check prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Username check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($zip))
{
echo "Username bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
while($stmt->fetch())
{
echo "<option value='" . $zip . "'>" . $zip . "</option><br/>\n";
}
?>
</select>
</div>
<?php
echo "<input type='hidden' name='username' value='" . $username . "'/>";
echo "<input type='hidden' name='password' value='" . $password . "'/>";
?>
<input class="btn btn-primary" type="submit" value="Search" />
</form>
</div>
</div>
</body>
</html>
<?php
unset($_POST);
?>
我想我需要像头卫一样的东西,但我不确定如何去做。我正在尝试检查$ conn变量是否存在,以及它是否不重新初始化服务器信息,但这不起作用。
这是一个类项目,所以我确信这不是最安全的方法。这只是一个概念证明。它是一个数据库类,所以我只是对查询进行评分,网站的其余部分只需要运行,我选择做一个附加到其他东西的基本用户登录系统。不询问有关我正在测试的信息的问题,为什么我的sql连接停止使用这个额外的标题,我该如何解决?