从
提交的Html表单<?php
////////////////////////////////////////////////////////////////////////////////////
###### Require Database ###### ////////////////////////
require_once('src/cfg/dbi.php');
////////////////////////////////////////////////////////////////////////////////////
###### Call Session Functions Include ###### ////////////////////////
require_once('src/cfg/sess_function.php'); ////////////////////////
###### Call function as contained in sess_function() ###### //
session_set_save_handler('_open','_close','_read','_write','_destroy','_clean'); //
###### Start session ###### ////////////////////////////////////////////////////////
session_start(); ///////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
#fullname, email, password
// Verify input was even provided
if (isset($_POST['fullname']) && isset($_POST['email']) && isset($_POST['password'])) {
// Clean Input
$userName = mysql_real_escape_string($_POST['fullname']);
$userEmailAddress = mysql_real_escape_string($_POST['email']);
$userPassword = mysql_real_escape_string($_POST['password']);
# hash cleaned pass...
$dynamSalt = mt_rand(20,9999);
$userPassword = hash('sha512',$dynamSalt.$userPassword);
# connect database, then prepare, and finally perform query…
#require_once('src/cfg/dbi.php');
try{
$dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
// INSERT CLEAN DATA INTO TABLE…
$sth = $dbh->prepare("
INSERT INTO Fan(fanNm,fanEmail,fanPass,fanDynamSalt)
VALUES('$userName','$userEmailAddress','$userPassword','$dynamSalt')"
);
$sth->execute();
////////////////////////////////////////////////////////////////////
## Set Session Var for this PK ID in Fan table that is being created ##
////////////////////////////////////////////////////////////////////
$_SESSION['newUserSessID'] = $dbh->lastInsertId();
} //try
catch(PDOException $e){
#echo "Oops, We're experiencing an error.INSERTING NEW FAN";
file_put_contents('/PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);
} //catch
}
else{
// Redirect back to login form
header('../index.php');
//*SHOW ERRORS*//
}
文件dbi.php:
<?php
####### DB Config Setting #######
$host ='localhost'; //////////////
$dbname ='thedatabasesnamehere';//////////
$user ='theuser'; //////////////
$pass ='thepass'; //////////////
/////////////////////////////////
?>
session_function.php - 包含6个会话功能
<?php
function _open()
{
try{
// Open the database
global $dbname, $host,$user,$pass;
$dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
#echo "<DIV STYLE='COLOR:RED;'>"."CONNECTED!!"."</DIV>";
} //try
catch(PDOException $e){
#echo "Oops, We're experiencing an error CONNECTING.";
file_put_contents('PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);
} //catch
}
## Kill Connection to Mysql (Using PDO)
function _close(){
$dbh = null;
}
## Read a current session
function _read($id){
try{
// Open the database
global $dbname,$host,$user,$pass;
$dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
// Begin Query
$id = mysql_real_escape_string($id);
$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = '$id'");
$sth->execute();
}
catch(PDOException $e){
#echo "Oops, We're experiencing an error. READING";
file_put_contents('PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);
} //catch
## return '';
}
## + other functions
填写4个html输入时收到这些警告/错误......:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'fannedup'@'localhost' (using password: NO) on line 30
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established on line 30
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started atsess_function.php:30) in on line 12
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started atsess_function.php:30) in on line 12
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'fannedup'@'localhost' (using password: NO) on line 21
任何人都能看到我做错了什么?它在本地机器上工作得很好..但是一旦我把它带到网上,就会给我这些错误。在服务器上我有PHP Version 5.2.17 and localhost is 5.3.1 ??
答案 0 :(得分:10)
您收到错误是因为您尝试在没有活动mysql_real_escape_string连接资源的情况下使用ext/mysql。这是因为您正在使用PDO,因此您只建立了PDO连接。这两个功能系列不可互换。
<强> WRONG
$id = mysql_real_escape_string($id);
$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = '$id'");
$sth->execute();
<强> CORRECT
$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = ?");
$sth->execute(array($id));
或者您可以使用命名占位符:
$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = :id");
$sth->execute(array(':id' => $id));
使用预准备语句,查询中的参数在实现中内部转义,这是使用它们的一大优点。如果由于某种原因你需要手动转义查询的字符串部分,那么你需要使用PDO转义函数PDO::quote
答案 1 :(得分:1)
当您使用像PDO这样的数据访问抽象层时,不应该使用mysql_real_escape_string。
您可能会在您的产品上遇到错误,因为您可能在那里设置了另一个display_errors设置。
会话警告应该通过移动session_start()来解决;在您使用它的文件顶部。