因此,当我运行此登录脚本时,出现以下错误:
PHP警告: mysql_real_escape_string()[function.mysql-real-escape-string]: 无法链接到服务器 在(...)第116行建立。
我正在调用脚本顶部的数据库,而不是从PEAR中获取任何错误... print_r($ db)返回一个对象......
代码如下:
<?php
function &db_connect() {
require_once 'DB.php';
PEAR::setErrorHandling(PEAR_ERROR_DIE);
$db_host = 'internal-db.xxxxx.gridserver.com';
$db_user = 'xxxxx';
$db_pass = 'xxxx';
$db_name = 'xxxxx_wedding2';
$dsn = "mysqli://$db_user:$db_pass@$db_host/$db_name";
$db = DB::connect($dsn);
$db->setFetchMode(DB_FETCHMODE_OBJECT);
return $db;
}
$db = &db_connect();
if (DB::isError ($db))
die ("Cannot connect: " . $db->getMessage () . "\n");
if (!isset($_SESSION['uid'])) {
session_defaults();
}
function session_defaults() {
$_SESSION['logged'] = false;
$_SESSION['uid'] = 0;
$_SESSION['username'] = '';
$_SESSION['cookie'] = 0;
$_SESSION['remember'] = false;
}
class User {
var $db = null; //PEAR::DB pointer
var $failed = false; //failed login
var $date; //current date
var $id = 0; //current users id
function User(&$db) { //is this the constructor?
$this->db = $db;
$this->date = $GLOBALS['date'];
$this->role = $_SESSION['role'];
if ($_SESSION['logged']) {
$this->_check_Session();
} elseif (!isset($_COOKIE['myLogin'])) {
$this->_checkRemembered($_COOKIE['myLogin']);
}
}
function _checkLogin($username, $password, $remember) {
$username = $this->db->quote($username); //uses PEAR::DB->quote method to sanitize input
$password = $this->db->quote(md5($password)); // " "
$sql = "SELECT * FROM guest WHERE (username = $username) AND (password = $password)";
$result = $this->db->getRow($sql);
if (is_object($result)) {
$this->_setSession($result, $remember);
return true;
} else {
$this->failed = true;
$this->_logout();
print "Sorry, you have entered an invalid username or password!";
return false;
}
}
function _checkRemembered($cookie) {
list($username, $cookie) = unserialize($cookie);
if (!$username or !$cookie) return;
$username = $this->db->quote($username);
$cookie = $this->db->quote($cookie);
$sql = "SELECT * FROM member WHERE (username = $username) AND (cookie = $cookie)";
$result = $this->db->getRow($sql);
if (is_object($result)) {
$this->_setSession($result, true);
}
}
function _setSession(&$values, $remember, $init = true) {
$this->id = $values->id;
$_SESSION['uid'] = $this->id;
$_SESSION['username'] = htmlspecialchars($values->username);
$_SESSION['cookie'] = $values->cookie;
$_SESSION['logged'] = true;
$_SESSION['role'] = $values->role;
if ($remember) {
$this->updateCookie($values->cookie, true);
}
/* if ($init) {
$session = $this->db->quote($_SERVER['REMOTE_ADDR']);
$sql = "UPDATE guest SET session = $session, ip = $ip WHERE id = $this->id";
$this->db->query($sql);
}*/
}
function updateCookie($cookie, $save) {
$_SESSION['cookie'] = $cookie;
if ($save) {
$cookie = serialize(array($_SESSION['username'], $cookie));
set_cookie;}
}
}
function _logout() {
session_defaults();
}
$date = time();
$user = new User($db);
$myusername = mysql_real_escape_string(stripslashes($_POST['myusername']));
$mypassword = mysql_real_escape_string(stripslashes($_POST['mypassword']));
$status = $user->_checkLogin;
print_r($status);
有什么想法,我在这里缺少什么?有没有更好的方法来解决我的数据库连接问题?
提前致谢。
答案 0 :(得分:2)
请阅读mysql_real_escape_string()
文档。你应该提供与mysql连接的链接作为第二个参数。
更新:如果要将用户数据存储到数据库,为什么不使用PEAR :: DB中的prepare()
?它有效地保护您免受SQL注入。