Question

我在我的电脑上安装了php版本7.2并且出现deprecated function错误，而在低于7.2的php版本中它正常运行。

function getQueriesFromSQLFile($sqlfile) {
 if (is_readable($sqlfile) === false) {
  throw new Exception($sqlfile . 'does not exist or is not readable.');
 }

 # read file into array
 $file = file($sqlfile);

 # import file line by line
 # and filter (remove) those lines, beginning with an sql comment token
 $file = array_filter($file, create_function('$line', 'return                 strpos(ltrim($line), "--") !== 0;'));

 # and filter (remove) those lines, beginning with an sql notes token
 $file = array_filter($file, create_function('$line', 'return     strpos(ltrim($line), "/*") !== 0;'));

 # this is a whitelist of SQL commands, which are allowed to follow a     semicolon
 $keywords = array(
  'ALTER', 'CREATE', 'DELETE', 'DROP', 'INSERT',
  'REPLACE', 'SELECT', 'SET', 'TRUNCATE', 'UPDATE', 'USE'
 );

 # create the regular expression for matching the whitelisted keywords
 $regexp = sprintf('/\s*;\s*(?=(%s)\b)/s', implode('|', $keywords));

 # split there
 $splitter = preg_split($regexp, implode("\r\n", $file));

 # remove trailing semicolon or whitespaces
 $splitter = array_map(create_function('$line', 'return     preg_replace("/[\s;]*$/", "", $line);'), $splitter);

 # remove empty lines
 return array_filter($splitter, create_function('$line', 'return     !empty($line);'));
}

Answer 1

您注意到create_function()函数has been deprecated in 7.2。这是一个你应该努力不使用的功能，出于安全考虑而被弃用，我相信它包含了非常危险的eval功能。该功能允许攻击者在某些情况下在您的计算机上执行任意代码。

您应该使用匿名函数，例如

$file = array_filter(
    $file,
    function($line) { return strpos(ltrim($line), "--") !== 0; }
);

在PHP版本7.2.4中安装inoERP时修复不推荐使用的函数错误

1 个答案: