mysql_query and mysql_connect are deprecated - code update

Time: 2016-07-22 09:25:41

Tags: php mysql

Many years ago a friend of mine wrote me a piece of code that adds some simple functionality for recording the learning progress of users on my Joomla site. I have now updated Joomla to 3.6 on PHP 7, and the site is reporting the deprecated queries, which does not surprise me. I tried to replace the queries with mysqli, but I could not get the function to work. Could anyone help me with this? Thank you very much.

<?php
/*      $host = "localhost";
$user = "administrator";
$pass = "web-Test";//enter here your sql password
$db_name = "e-learning";
$link = mysql_connect($host, $user,$pass);
mysql_select_db($db_name, $link)or die("unable to select database");  */
include 'const.php';   // defines $host, $user, $pass, $db
$link = mysql_connect($host, $user, $pass);
if (!$link) {
    echo('Could not connect');
}
else {
    // the error text must be part of the die() argument, otherwise it is never shown
    mysql_select_db($db, $link) or die("can not select database " . mysql_error());
}
$ip = getenv('REMOTE_ADDR');
//$new_array_without_nulls = array_filter($_POST, 'strlen');

if ($_POST)
{

// --------comment: every posted field that is not a checkbox value is treated as a comment
$uid = $_POST['uid'];
unset($_POST['uid']);
$cmt = array();
foreach ($_POST as $key => $value)
    {
        if ($value != 'true' && $value != 'Progress' && $value != 'false')
        {
            $cmt[$key] = $value;
        }
    }
$cmt_value = implode(',', $cmt);   // '' when there are no comments

// --------Check: collect the names of the items that were ticked
$check = array();
foreach ($_POST as $key => $value)
    {
        if ($value == 'true')
        {
            $check[$key] = $value;
        }
    }
//finding key
$check_key = array_keys($check);
$check_value = implode(',', $check_key);   // '' when nothing was ticked

//$uid = $user->get('id');
$content_name = $_POST['contentname'];
// returns the last matching row (empty array when no row exists)
function CheckExistContentName($content_name, $uid) {
    $name_exist = mysql_query("select * from Progress where content_name = '$content_name' and User_id = $uid ");
    $arr = array();
    while ($row = mysql_fetch_array($name_exist))
    {
        $arr = $row;
    }
    return $arr;
}
if (CheckExistContentName($content_name, $uid))
{
    $sql = "update Progress set User_id = '".$uid."', ip = '".$ip."',content_name = '".$content_name."',arr_check = '".$check_value."',arr_cmt = '".$cmt_value."' where content_name = '$content_name' and User_id = $uid";
    $rs_result = mysql_query($sql);
    echo "<h2> Your learning progress has been updated </h2>";
}
else
{
    $sql = "insert into Progress(User_id,ip,content_name,arr_check,arr_cmt) values ('".$uid."','".$ip."','".$content_name."','".$check_value."','".$cmt_value."')";
    $rs_result = mysql_query($sql);
    echo "<h2> Your learning progress has been saved </h2>";
}
}
//}
?>

1 answer:

Answer 0 (score: 1)

Your friend got it completely wrong in the Joomla sense. He hard-coded the MySQL connection (including the password) into the file instead of using the Joomla database class.

On top of that, he uses unsafe variables directly in the MySQL queries, which means your site is at high risk of being hacked.

If I were you, I would find a professional to fix this properly.
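The following is an added example, not code from the question or the answer: the same save/update logic written against the mysqli extension with prepared statements, which is the replacement the question asks for and which removes the unsafe query concatenation the answer points out. It assumes const.php defines $host, $user, $pass and $db, and a Progress table with the columns used in the question.

```php
<?php
// Added example: mysqli with bound parameters instead of string-built mysql_query() calls.
include 'const.php';   // assumed to define $host, $user, $pass, $db

$link = new mysqli($host, $user, $pass, $db);
if ($link->connect_error) {
    http_response_code(500);
    exit('Could not connect');   // do not echo connect_error to visitors
}
if (empty($_POST)) {
    exit;
}

// Take only the fields the form is expected to send; cast the user id to int.
$uid          = (int) ($_POST['uid'] ?? 0);
$content_name = (string) ($_POST['contentname'] ?? '');
$ip           = $_SERVER['REMOTE_ADDR'] ?? '';

$check = [];   // names of items ticked 'true'
$cmt   = [];   // free-text comments
foreach ($_POST as $key => $value) {
    if ($key === 'uid' || $key === 'contentname') continue;
    if ($value === 'true') {
        $check[] = $key;
    } elseif ($value !== 'false' && $value !== 'Progress') {
        $cmt[$key] = $value;
    }
}
$check_value = implode(',', $check);
$cmt_value   = implode(',', $cmt);

// Existence check: values travel as parameters ('s' string, 'i' integer), never inside the SQL text.
$stmt = $link->prepare('SELECT 1 FROM Progress WHERE content_name = ? AND User_id = ?');
$stmt->bind_param('si', $content_name, $uid);
$stmt->execute();
$stmt->store_result();
$exists = $stmt->num_rows > 0;
$stmt->close();

if ($exists) {
    $stmt = $link->prepare('UPDATE Progress SET ip = ?, arr_check = ?, arr_cmt = ? WHERE content_name = ? AND User_id = ?');
    $stmt->bind_param('ssssi', $ip, $check_value, $cmt_value, $content_name, $uid);
    $msg = 'Your learning progress has been updated';
} else {
    $stmt = $link->prepare('INSERT INTO Progress (User_id, ip, content_name, arr_check, arr_cmt) VALUES (?, ?, ?, ?, ?)');
    $stmt->bind_param('issss', $uid, $ip, $content_name, $check_value, $cmt_value);
    $msg = 'Your learning progress has been saved';
}
$stmt->execute();
echo "<h2> $msg </h2>";
```

In a Joomla extension the same queries would normally go through the Joomla database class, which the answer recommends; the bound-parameter pattern is the same either way.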