php / sql登录脚本故障排除

时间:2011-05-14 20:05:15

标签: php mysql sql login

因此,当我运行此登录脚本时,出现以下错误:

  

PHP警告:   mysql_real_escape_string()[function.mysql-real-escape-string]:   无法链接到服务器   在(...)第116行建立。

我正在调用脚本顶部的数据库,而不是从PEAR中获取任何错误... print_r($ db)返回一个对象......

代码如下:

<?php

function &db_connect() { 
  require_once 'DB.php'; 
  PEAR::setErrorHandling(PEAR_ERROR_DIE); 
  $db_host = 'internal-db.xxxxx.gridserver.com'; 
  $db_user = 'xxxxx'; 
  $db_pass = 'xxxx'; 
  $db_name = 'xxxxx_wedding2'; 
  $dsn = "mysqli://$db_user:$db_pass@$db_host/$db_name"; 
  $db = DB::connect($dsn); 
  $db->setFetchMode(DB_FETCHMODE_OBJECT); 
  return $db; 
}
$db = &db_connect();
if (DB::isError ($db))
     die ("Cannot connect: " . $db->getMessage () . "\n"); 

if (!isset($_SESSION['uid'])) {
  session_defaults();
}

function session_defaults() { 
  $_SESSION['logged'] = false; 
  $_SESSION['uid'] = 0; 
  $_SESSION['username'] = ''; 
  $_SESSION['cookie'] = 0; 
  $_SESSION['remember'] = false; 
}

class User {
  var $db = null; //PEAR::DB pointer
  var $failed = false; //failed login
  var $date;  //current date
  var $id = 0; //current users id

  function User(&$db) {   //is this the constructor?
    $this->db = $db;
    $this->date = $GLOBALS['date'];
    $this->role = $_SESSION['role'];
    if ($_SESSION['logged']) {
      $this->_check_Session();
    } elseif (!isset($_COOKIE['myLogin'])) {
      $this->_checkRemembered($_COOKIE['myLogin']);
    }

  }

   function _checkLogin($username, $password, $remember) {
    $username = $this->db->quote($username);  //uses PEAR::DB->quote method to sanitize input
    $password = $this->db->quote(md5($password)); // "  "
    $sql = "SELECT * FROM guest WHERE (username = $username) AND (password = $password)";
    $result = $this->db->getRow($sql);
    if (is_object($result)) {
      $this->_setSession($result, $remember);
      return true;
    } else {
      $this->failed = true;
      $this->_logout();
      print "Sorry, you have entered an invalid username or password!";
      return false;
    }
  }

  function _checkRemembered($cookie) {
    list($username, $cookie) = unserialize($cookie);
    if (!$username or !$cookie) return;
    $username = $this->db->quote($username);
    $cookie = $this->db->quote($cookie);
    $sql = "SELECT * FROM member WHERE (username = $username) AND (cookie = $cookie)";
    $result = $this->db->getRow($sql);
    if (is_object($result)) {
      $this->_setSession($result, true);    
    }  
  }

  function _setSession(&$values, $remember, $init = true) {
    $this->id = $values->id;
    $_SESSION['uid'] = $this->id;
    $_SESSION['username'] = htmlspecialchars($values->username);
    $_SESSION['cookie'] = $values->cookie;
    $_SESSION['logged'] = true;
    $_SESSION['role'] = $values->role;
    if ($remember) {
      $this->updateCookie($values->cookie, true);
    }
   /* if ($init) {
    $session = $this->db->quote($_SERVER['REMOTE_ADDR']);
    $sql = "UPDATE guest SET session = $session, ip = $ip WHERE id = $this->id";
    $this->db->query($sql);
    }*/
  }


  function updateCookie($cookie, $save) {
    $_SESSION['cookie'] = $cookie;
    if ($save) {
      $cookie = serialize(array($_SESSION['username'], $cookie));
      set_cookie;}
    }
  }

  function _logout() {
    session_defaults();
  }

  $date = time();
  $user = new User($db);
  $myusername = mysql_real_escape_string(stripslashes($_POST['myusername']));
  $mypassword = mysql_real_escape_string(stripslashes($_POST['mypassword'])); 
  $status  = $user->_checkLogin;
  print_r($status);

有什么想法,我在这里缺少什么?有没有更好的方法来解决我的数据库连接问题?

提前致谢。

1 个答案:

答案 0 :(得分:2)

请阅读mysql_real_escape_string()文档。你应该提供与mysql连接的链接作为第二个参数。

更新:如果要将用户数据存储到数据库,为什么不使用PEAR :: DB中的prepare()?它有效地保护您免受SQL注入。

相关问题
最新问题