我目前正在网站的问答部分。
如果用户未登录,index.php强制重定向到login.php; login.php引用了一个名为define.mysqli.php的配置文件,该文件建立了与数据库的连接,同时还要求func.php文件包含大量功能,例如getQuestions()和getUserInfoById();。连接很好,但是由于诸如mysqli_real_escape_string()之类的错误,站点本身的功能无法正常工作:无法在login.php中获取mysqli(错误1),func.php文件中存在未定义的变量(错误2),mysqli_query()期望参数1为mysqli,在func.php中给出的值为null(错误3)
我只需要指出一些我需要改变的地方即可。关于StackOverflow的其他问题太简单了。我知道我需要进行哪些更改,但是我需要做的工作太多了,因此,我担任jr开发人员,而没有sr开发人员担任导师。
//top of code
<?php
//Display errors; COMMENT OUT WHEN NOT DEBUGGING
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
//DB
require('lib/func.php');
//The function looks like this
//Checks if user is already logged in and redirects.
if (isset($_SESSION['user'])){
$user = getUserInfo($_SESSION['user']);
if ($user != null) {
if ($user['admin'] == 1) {
header('Location: admin.php');
exit;
} else {
header('Location: login.php');
}
}
}
if (isset($_POST)){
if(sizeof($_POST) > 0) {
$user = mysqli_real_escape_string($link, trim($_POST['username'])); //error
$pass = mysqli_real_escape_string($link, trim($_POST['password'])); //error
if(isValidAdminUser($user,$pass)) {
persistUser($user);
header('Location: admin.php');
exit;
} elseif(isValidStateUser($user,$pass)) {
persistUser($user);
header('Location: /');
exit;
} else {
$error = "Invalid username or password";
}
}
}
//what am i missing from this? what's am i doing wrong/needs improvement?
//top of file
<?php
include("define.mysqli.php");
if(!isset($_SESSION)){
session_start();
}
//....
function isValidAdminUser($uname,$pass) {
$query = "SELECT * FROM users WHERE login = '$uname' AND admin = 1";
$result = mysqli_query($link, $query) or die(mysqli_error($link)); //error
if(mysqli_num_rows($result) > 0) {
$user = mysqli_fetch_array($result); //error
if(md5($pass) == $user['password'])
return true;
}
return false;
}
//the original code was
function isValidAdminUser($uname,$pass) {
$query = "SELECT * FROM users WHERE login = '$uname' AND admin = 1";
$result = mysql_query($query) or die(mysql_error()); //error
if(mysqli_num_rows($result) > 0) {
$user = mysqli_fetch_array($result); //error
if(md5($pass) == $user['password']) {
return true;
}
}
return false;
}
//i changed it to mysqli best i could but $link is undefined???
//in same code as above
<?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
if(!isset($_SESSION)){
session_start();
}
if(!defined("DATABASE_PREFIX"))
define("DATABASE_PREFIX","dbr_");
$hostname = "127.0.0.1";
$username = "*correct_username";
$password = "*correct_password";
$database = "*correct_database";
$link = mysqli_connect($hostname, $username, $password, $database);
if(!$link) {
echo "Error: Unable to connect to MySQL." . PHP_EOL;
echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
exit;
}
//echo "Success: Established MySQL connection." . PHP_EOL;
//echo "Host Information: " . mysqli_get_host_info($link) . PHP_EOL;
mysqli_close($link);
?>
我正在尽力将参数从mysql_ *正确更改为mysqli_ *,但是我不知道自己缺少什么。