mysqli_real_escape_string() cannot find my $connSQL

Time: 2016-03-03 16:50:27

Tags: php

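I have a question about the function GetSQLValueString, which is generated by software to put SQL string values into the correct form. The tool generates the following code: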

    <?php
    if (!function_exists("GetSQLValueString")) {
        function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
        {
            if (PHP_VERSION < 6) {
                $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
            }

            $theValue = function_exists("mysqli_real_escape_string") ?
                mysqli_real_escape_string($connSQL, $theValue) :
                mysqli_escape_string($connSQL, $theValue);

            switch ($theType) {
                case "text":
                    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                    break;
                case "long":
                case "int":
                    $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                    break;
                case "double":
                    $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                    break;
                case "date":
                    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                    break;
                case "defined":
                    $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                    break;
            }
            return $theValue;
        }
    }

This is not a big problem, although it is a little hard to understand.

When this code is embedded in index.php, the following problem occurs:

Notice: Undefined variable: connSQL

My index.php:

  <?php require_once('Connections/connSQL.php'); ?>
  <?php
        if (!function_exists("GetSQLValueString")) 
        {
        function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
        {
         if (PHP_VERSION < 6) 
        {
         $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
         }

         $theValue = function_exists("mysqli_real_escape_string") ? mysqli_real_escape_string($connSQL, $theValue) : mysqli_escape_string($connSQL, $theValue);

          switch ($theType) {
           case "text":
         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;    
           case "long":
           case "int":
         $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
           case "double":
         $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
            break;
           case "date":
         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
           case "defined":
         $theValue = ($theValue != "") ? $theDefinedValue :  $theNotDefinedValue;
  break;
          }
           return $theValue;
          }
          }

              $colname_RecUser = "-1";
                  if (isset($_SESSION['MM_Username'])) {
              $colname_RecUser = $_SESSION['MM_Username'];
          }
            mysqli_select_db($connSQL, $database_connSQL);
              $query_RecUser = sprintf("SELECT * FROM memberdata WHERE m_username = %s", GetSQLValueString($colname_RecUser, "text"));
              $RecUser = mysqli_query($connSQL, $query_RecUser) or die(mysqli_error($connSQL));
              $row_RecUser = mysqli_fetch_assoc($RecUser);
              $totalRows_RecUser = mysqli_num_rows($RecUser);
          ?>
          <?php
           // *** Validate request to login to this site.
            if (!isset($_SESSION)) 
             {
              session_start();
             }
            $loginFormAction = $_SERVER['PHP_SELF'];
              if (isset($_GET['accesscheck'])) 
             {
            $_SESSION['PrevUrl'] = $_GET['accesscheck'];
             }

               if (isset($_POST['m_username'])) {
                  $loginUsername=$_POST['m_username'];
                  $password=md5($_POST['m_password']);
                  $MM_fldUserAuthorization = "m_level";
                  $MM_redirectLoginSuccess = "membercenter.php";
                  $MM_redirectLoginFailed = "index.php?errMsg=1";
                  $MM_redirecttoReferrer = false;
              mysqli_select_db($connSQL, $database_connSQL);

                  $LoginRS__query=sprintf("SELECT m_username, m_passwd, m_level FROM memberdata WHERE m_username=%s AND m_passwd=%s",
                     GetSQLValueString($loginUsername, "text"),GetSQLValueString($password, "text")); 
                  $LoginRS = mysqli_query($connSQL, $LoginRS__query) or die(mysqli_error($connSQL));
                  $loginFoundUser = mysqli_num_rows($LoginRS);
                 if ($loginFoundUser) 
              {

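                  // mysql_result() cannot read a mysqli result set; fetch the row instead
                  $row_LoginRS = mysqli_fetch_assoc($LoginRS);
                  $loginStrGroup  = $row_LoginRS['m_level'];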

                 if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
                  //declare two session variables and assign them
                  $_SESSION['MM_Username'] = $loginUsername;
                  $_SESSION['MM_UserGroup'] = $loginStrGroup;         

                 if (isset($_SESSION['PrevUrl']) && false) 
                  {
                    $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
                  } 
                    header("Location: " . $MM_redirectLoginSuccess );
                  }
                    else 
                  {
                    header("Location: ". $MM_redirectLoginFailed );
                  }
                  }
                ?>
            <html>
            <head>
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
            <title>會員管理系統 - 首頁</title>
            </head>
            <body>
            <form name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
               <table width="250" border="1" align="center">
               <tr valign="top"><td align="center">
               <p>會員管理系統</p>
               <p>帳號:<br>
               <input name="m_username" type="text" >
               </p>
               <p>密碼:<br>
               <input name="m_password" type="password">
               </p>
               <p align="center">
               <input type="submit" name="login" value="登入">
               </p>
               <p><a href="memberjoin.php">馬上申請會員</a></p>
                  </td></tr>
                  </table>
                     </form>
                     <form name="form2" method="POST">
           <?php /*start input_input script*/ if (isset($errMsg) && ($_GET['errMsg'] == 1)){ echo $errMsg; ?>
                  <table width="250" border="0" align="center">
                    <tr class="head2">    
                    <tr align="center">
                  <td>錯誤訊息</td>
                    </tr>
                    <tr>
                  <td align="center">帳號、密碼錯誤,<br>
                   請重新登入!</td>
                    </tr>
                  </table>
           <?php } /*end input_input script*/ ?>
         </form>
            <form name="form3" method="POST">
                <?php /*start input_input script*/ if (isset($errMsg) && ($_GET['errMsg'] == 1)){ echo $errMsg; ?>
                <table width="250" border="0" align="center">
                   <tr>
                      <td align="center"><table width="250" border="0" align="center">
                   <tr class="head2">
                   <tr align="center">
                  <td>錯誤訊息</td>
                 </tr>
               <tr>
                  <td align="center">請您先登入會員,<br>
                      或是您的權限不足!</td>
               </tr>
                  </table></td>
               </tr>
             </table>
             <?php } /*end input_input script*/ ?>
            </form>
            </body>
            </html>
             <?php
              mysqli_free_result($RecUser);
             ?>

I can't understand it: the other statements can find $connSQL, but mysqli_real_escape_string() cannot.

Please help me solve this problem, thanks.

1 answer:

Answer 0 (score: 1)

You get $connSQL from connSQL.php, but it is a global variable; just add:

global $connSQL;

inside your "if" statement so that your variable can be picked up.
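
The scoping rule behind this answer, as an added example that is not part of the original post: it runs without a database, using a constructed string as a stand-in for the connection from connSQL.php, and the function names are hypothetical. It compares reading the variable with no declaration, with `global`, and as an explicit parameter, and captures the diagnostic PHP raises in the first case.

```php
<?php
// Constructed stand-in for the connection that Connections/connSQL.php creates.
$connSQL = 'constructed-connection-handle';

// Collect PHP diagnostics instead of printing them, so the variants can be compared.
$diagnostics = array();
set_error_handler(function ($errno, $errstr) use (&$diagnostics) {
    $diagnostics[] = $errstr;
    return true; // handled here; suppress PHP's default output
});

// Variant 1 (the question's situation): a function body has its own scope,
// so $connSQL here is a separate, undefined local variable.
function connWithoutGlobal()
{
    return $connSQL; // raises an "Undefined variable" diagnostic, evaluates to null
}

// Variant 2 (the answer's fix): import the global into the function's scope.
function connWithGlobal()
{
    global $connSQL;
    return $connSQL;
}

// Variant 3: receive the connection as an argument, which makes the
// dependency explicit and lets the function reject a missing connection.
function connFromParameter($conn)
{
    if ($conn === null) {
        throw new InvalidArgumentException('database connection is required');
    }
    return $conn;
}

$results = array(
    'without global' => connWithoutGlobal(),
    'with global'    => connWithGlobal(),
    'as parameter'   => connFromParameter($connSQL),
);
restore_error_handler();

foreach ($results as $variant => $value) {
    printf("%-15s => %s\n", $variant, var_export($value, true));
}
echo 'diagnostics: ', implode('; ', $diagnostics), "\n";
```

Only the first variant returns null and records a diagnostic; that null is what the question's helper hands to mysqli_real_escape_string() in place of a connection.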
