mysqli真正逃脱stiring

时间:2017-08-22 18:04:56

标签: php html mysql mysqli

我对网站编码的经验介于初学者和中级之间。然而。我对myslq,mysqli和数据库的经验充其量只是新手。 我正在使用https://daveismyname.blog/login-and-registration-system-with-php上的代码 建立登录和注册网站。当然整个网站都是实验性的。

现在我收到以下错误:

警告:mysqli_real_escape_string()期望参数1为mysqli,第8行/srv/disk3/1994853/www/shadeyprocess.com/login.php中给出的对象

警告:mysqli_real_escape_string()要求参数1为mysqli,第9行/srv/disk3/1994853/www/shadeyprocess.com/login.php中给出的对象

警告:mysqli_query()要求参数1为mysqli,第12行/srv/disk3/1994853/www/shadeyprocess.com/login.php中给出的对象

警告:mysqli_fetch_array()要求参数1为mysqli_result,在第13行的/srv/disk3/1994853/www/shadeyprocess.com/login.php中给出null

警告:mysqli_num_rows()要求参数1为mysqli_result,在第16行的/srv/disk3/1994853/www/shadeyprocess.com/login.php中给出为null

我在PHP 7.1.8和MYSQL 5.7版上运行我的服务器

的login.php

<?php
   include("./darkling/config.php");
   session_start();
   
   if($_SERVER["REQUEST_METHOD"] == "POST") {
      // username and password sent from form 
      
      $myusername = mysqli_real_escape_string($db,$_POST['username']);
      $mypassword = mysqli_real_escape_string($db,$_POST['password']); 
      
      $sql = "SELECT id FROM admin WHERE username = '$myusername' and passcode = '$mypassword'";
      $result = mysqli_query($db,$sql);
      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
      $active = $row['active'];
      
      $count = mysqli_num_rows($result);
      
      // If result matched $myusername and $mypassword, table row must be 1 row
		
      if($count == 1) {
         session_register("myusername");
         $_SESSION['login_user'] = $myusername;
         
         header("location: index.php");
      }else {
         $error = "Your Login Name or Password is invalid";
      }
   }
?>
<html>
   
   <head>
      <title>Login Page</title>
      
      <style type = "text/css">
         body {
            font-family:Arial, Helvetica, sans-serif;
            font-size:14px;
         }
         
         label {
            font-weight:bold;
            width:100px;
            font-size:14px;
         }
         
         .box {
            border:#666666 solid 1px;
         }
      </style>
      
   </head>
   
   <body bgcolor = "#FFFFFF">
	
      <div align = "center">
         <div style = "width:300px; border: solid 1px #333333; " align = "left">
            <div style = "background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
				
            <div style = "margin:30px">
               
               <form action = "" method = "post">
                  <label>UserName  :</label><input type = "text" name = "username" class = "box"/><br /><br />
                  <label>Password  :</label><input type = "password" name = "password" class = "box" /><br/><br />
                  <input type = "submit" value = " Submit "/><br />
               </form>
               
               <div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div>
					
            </div>
				
         </div>
			
      </div>

   </body>
</html>

的config.php

<?php

//set timezone
date_default_timezone_set('Europe/London');

//database credentials
define('DBHOST','xxx');
define('DBUSER','xxx');
define('DBPASS','xxx');
define('DBNAME','xxx');

//application address
define('DIR','https://www.shadeyprocess.com');
define('SITEEMAIL','noreply@domain.com');

try {

    //create PDO connection 
    $db = new PDO("mysql:host=".DBHOST.";port=3306;dbname=".DBNAME, DBUSER, DBPASS);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

} catch(PDOException $e) {
    //show error
    echo '<p class="bg-danger">'.$e->getMessage().'</p>';
    exit;
}

//include the user class, pass in the database connection
include('./classes/user.php');
include('./classes/phpmailer/mail.php');
$user = new User($db); 
?>

任何想法?从我的所有搜索基本上它是说我正在尝试使用mysqli和MySQL,但我无法弄清楚它是什么原因从我所看到的没有在我的整个网站上使用MySQL的地方。另外我读到一些关于使用mysqli_real_escape部分的东西不是最好的主意,也可能是问题的根源。我仍然无法弄清楚问题是什么。

如果在某个地方提出答案,我道歉,因为有很多像我这样的类似问题。然而,这些答案都没有帮助,或者让我得到的信息比我已有的更多。谢谢你的回复。

0 个答案:

没有答案