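Many years ago, a friend of mine wrote a piece of code for me that provides some simple functionality for recording the learning progress of users on my Joomla site. I have now updated Joomla to 3.6 on PHP7, and the site is reporting deprecated queries, which does not surprise me. I tried to replace the queries with mysqli, but I could not get the functions to work. Could someone help me? Thank you very much.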
<?php
/* $host = "localhost";
$user = "administrator";
$pass = "web-Test";//enter here your sql password
$db_name = "e-learning";
$link = mysql_connect($host, $user,$pass);
mysql_select_db($db_name, $link)or die("unable to select database"); */
include'const.php';
$link = mysql_connect($host, $user,$pass);
if (!$link) {
    echo('Could not connect');
}
else {
    mysql_select_db($db, $link) or die("can not select database").mysql_error();
}
$ip=getenv('REMOTE_ADDR');
//$new_array_without_nulls = array_filter($_POST, 'strlen');
if($_POST)
{
    // --------comment
    $uid = $_POST['uid'];
    unset($_POST['uid']);
    $cmt = array();
    foreach($_POST as $key => $value)
    {
        if ($value != 'true' && $value != 'Progress' && $value != 'false')
        {
            $cmt[$key] = $value;
        }
    }
    foreach ($cmt as $key => $value)
        $cmt_value = implode(',' , $cmt);
    // --------Check
    $check = array();
    foreach($_POST as $key => $value)
    {
        if ($value == 'true')
        {
            $check[$key] = $value;
        }
    }
    //finding key
    $check_key = array();
    foreach ($check as $key => $value){
        array_push($check_key,$key);
    }
    foreach ($check_key as $key => $value)
        $check_value = implode(',' , $check_key);
    //$uid = $user->get('id');
    $content_name = $_POST['contentname'];
    function CheckExistContentName($content_name,$uid){
        $name_exist = mysql_query("select * from Progress where content_name = '$content_name' and User_id = $uid ");
        $arr = array();
        while($row = mysql_fetch_array($name_exist))
        {
            $arr = $row;
        }
        return $arr;
    }
    if(CheckExistContentName($content_name,$uid))
    {
        $sql = "update Progress set User_id = '".$uid."', ip = '".$ip."',content_name = '".$content_name."',arr_check = '".$check_value."',arr_cmt = '".$cmt_value."' where content_name = '$content_name' and User_id = $uid";
        $rs_result = mysql_query($sql);
        echo "<h2> Your learning progress has been updated </h2>";
    }
    else
    {
        $sql = "insert into Progress(User_id,ip,content_name,arr_check,arr_cmt) values ('".$uid."','".$ip."','".$content_name."','".$check_value."','".$cmt_value."')";
        $rs_result = mysql_query($sql);
        echo "<h2> Your learning progress has been saved </h2>";
    }
}
//}
?>
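Answer 0: (score: 1)
Your friend did this completely wrong in the Joomla sense. He hard-coded the MySQL connection (including the password) into the file instead of using the Joomla database class.
On top of that, he uses unsafe variables directly in MySQL queries, which means your site is at high risk of being hacked.
If I were you, I would get a professional to sort this out properly.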
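An added example, not part of the original question or answer: the question's lookup and update/insert rewritten with mysqli prepared statements, so that POST values are bound as parameters instead of being concatenated into the SQL. It assumes const.php defines $host, $user, $pass and $db as in the question and that the Progress table has the columns the question uses; save_progress() is a hypothetical helper name. The connection details still come from const.php here, which the answer's suggestion of using the Joomla database class would replace.

```php
<?php
// Added example: prepared-statement version of the question's save logic.
// Assumes const.php defines $host, $user, $pass and $db, as in the question.
include 'const.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

// save_progress() is a hypothetical name; table and columns are the question's.
function save_progress(mysqli $link, $uid, $ip, $content_name, $check_value, $cmt_value)
{
    // Is there already a row for this user and content item?
    $stmt = $link->prepare('SELECT 1 FROM Progress WHERE content_name = ? AND User_id = ?');
    $stmt->bind_param('si', $content_name, $uid);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();

    if ($exists) {
        $stmt = $link->prepare('UPDATE Progress SET ip = ?, arr_check = ?, arr_cmt = ? WHERE content_name = ? AND User_id = ?');
        $stmt->bind_param('ssssi', $ip, $check_value, $cmt_value, $content_name, $uid);
    } else {
        $stmt = $link->prepare('INSERT INTO Progress (User_id, ip, content_name, arr_check, arr_cmt) VALUES (?, ?, ?, ?, ?)');
        $stmt->bind_param('issss', $uid, $ip, $content_name, $check_value, $cmt_value);
    }
    $stmt->execute();
    $stmt->close();
    return $exists ? 'updated' : 'saved';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $link = new mysqli($host, $user, $pass, $db);
    $fields = $_POST;
    $uid = (int) ($fields['uid'] ?? 0);              // force the id to an integer
    $content_name = (string) ($fields['contentname'] ?? '');
    unset($fields['uid']);
    // Names of the ticked checkboxes (fields posted with the value 'true').
    $check_value = implode(',', array_keys($fields, 'true', true));
    // Every other string field that is not a flag is treated as a comment.
    $cmt = array_filter($fields, function ($v) {
        return is_string($v) && !in_array($v, ['true', 'false', 'Progress'], true);
    });
    $result = save_progress($link, $uid, (string) getenv('REMOTE_ADDR'), $content_name, $check_value, implode(',', $cmt));
    echo "<h2> Your learning progress has been $result </h2>";
}
```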