PHP / SQL login script troubleshooting

Problem description:

So, when I run this login script, I get the following error:

PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in (...) on line 116.

I'm calling the database at the top of the script, and not getting any errors from PEAR... print_r($db) returns an object...

code follows:

<?php

function &db_connect() { 
  require_once 'DB.php'; 
  PEAR::setErrorHandling(PEAR_ERROR_DIE); 
  $db_host = 'internal-db.xxxxx.gridserver.com'; 
  $db_user = 'xxxxx'; 
  $db_pass = 'xxxx'; 
  $db_name = 'xxxxx_wedding2'; 
  $dsn = "mysqli://$db_user:$db_pass@$db_host/$db_name"; 
  $db = DB::connect($dsn); 
  $db->setFetchMode(DB_FETCHMODE_OBJECT); 
  return $db; 
}
$db = &db_connect();
if (DB::isError ($db))
     die ("Cannot connect: " . $db->getMessage () . "\n"); 

if (!isset($_SESSION['uid'])) {
  session_defaults();
}

function session_defaults() { 
  $_SESSION['logged'] = false; 
  $_SESSION['uid'] = 0; 
  $_SESSION['username'] = ''; 
  $_SESSION['cookie'] = 0; 
  $_SESSION['remember'] = false; 
}

class User {
  var $db = null; //PEAR::DB pointer
  var $failed = false; //failed login
  var $date;  //current date
  var $id = 0; //current users id

  function User(&$db) {   //is this the constructor?
    $this->db = $db;
    $this->date = $GLOBALS['date'];
    $this->role = $_SESSION['role'];
    if ($_SESSION['logged']) {
      $this->_check_Session();
    } elseif (!isset($_COOKIE['myLogin'])) {
      $this->_checkRemembered($_COOKIE['myLogin']);
    }

  }

   function _checkLogin($username, $password, $remember) {
    $username = $this->db->quote($username);  //uses PEAR::DB->quote method to sanitize input
    $password = $this->db->quote(md5($password)); // "  "
    $sql = "SELECT * FROM guest WHERE (username = $username) AND (password = $password)";
    $result = $this->db->getRow($sql);
    if (is_object($result)) {
      $this->_setSession($result, $remember);
      return true;
    } else {
      $this->failed = true;
      $this->_logout();
      print "Sorry, you have entered an invalid username or password!";
      return false;
    }
  }

  function _checkRemembered($cookie) {
    list($username, $cookie) = unserialize($cookie);
    if (!$username or !$cookie) return;
    $username = $this->db->quote($username);
    $cookie = $this->db->quote($cookie);
    $sql = "SELECT * FROM member WHERE (username = $username) AND (cookie = $cookie)";
    $result = $this->db->getRow($sql);
    if (is_object($result)) {
      $this->_setSession($result, true);    
    }  
  }

  function _setSession(&$values, $remember, $init = true) {
    $this->id = $values->id;
    $_SESSION['uid'] = $this->id;
    $_SESSION['username'] = htmlspecialchars($values->username);
    $_SESSION['cookie'] = $values->cookie;
    $_SESSION['logged'] = true;
    $_SESSION['role'] = $values->role;
    if ($remember) {
      $this->updateCookie($values->cookie, true);
    }
   /* if ($init) {
    $session = $this->db->quote($_SERVER['REMOTE_ADDR']);
    $sql = "UPDATE guest SET session = $session, ip = $ip WHERE id = $this->id";
    $this->db->query($sql);
    }*/
  }


  function updateCookie($cookie, $save) {
    $_SESSION['cookie'] = $cookie;
    if ($save) {
      $cookie = serialize(array($_SESSION['username'], $cookie));
      set_cookie;}
    }
  }

  function _logout() {
    session_defaults();
  }

  $date = time();
  $user = new User($db);
  $myusername = mysql_real_escape_string(stripslashes($_POST['myusername']));
  $mypassword = mysql_real_escape_string(stripslashes($_POST['mypassword'])); 
  $status  = $user->_checkLogin;
  print_r($status);

Any thoughts what I'm missing here? Is there a better way to troubleshoot my db connection?

Thanks in advance.

Please read the mysql_real_escape_string() documentation. You should provide the link to the MySQL connection as the 2nd argument.

Updated: if you want to store the user's data in the database, why not use prepare() from PEAR::DB? It effectively protects you from SQL injection.
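
The prepare()/execute() route suggested in the answer, as an added example that is not code from the original post: the values are bound through the PEAR::DB connection itself (opened with the mysqli driver in the question), so no mysql_* link or manual escaping is needed. The helper name find_guest and the DSN are hypothetical placeholders; the table and column names are taken from the question.

```php
<?php
require_once 'DB.php';

/**
 * Look up a guest row using bound parameters instead of string-built SQL.
 * find_guest is a hypothetical helper; $db is the object from DB::connect().
 * Returns the row object on a match, or null on no match or on a DB error.
 */
function find_guest($db, $username, $password)
{
    // '?' placeholders: PEAR::DB quotes each value with its own connection,
    // so user input never becomes part of the SQL text.
    $sth = $db->prepare('SELECT * FROM guest WHERE username = ? AND password = ?');
    if (DB::isError($sth)) {
        error_log('prepare failed: ' . $sth->getMessage());
        return null;
    }

    // md5() appears only because the question's guest table stores MD5 hashes.
    $res = $db->execute($sth, array($username, md5($password)));
    if (DB::isError($res)) {
        error_log('execute failed: ' . $res->getMessage());
        $db->freePrepared($sth);
        return null;
    }

    $row = $res->fetchRow(DB_FETCHMODE_OBJECT); // null when no row matched
    $res->free();
    $db->freePrepared($sth);

    return is_object($row) ? $row : null;
}

// Placeholder DSN (assumption): substitute real credentials and host.
$db = DB::connect('mysqli://USER:PASS@HOST/DBNAME');
if (DB::isError($db)) {
    die('Cannot connect: ' . $db->getMessage() . "\n");
}

// Raw POST values go straight into the bound parameters, unescaped.
$username = isset($_POST['myusername']) ? (string) $_POST['myusername'] : '';
$password = isset($_POST['mypassword']) ? (string) $_POST['mypassword'] : '';

$guest = find_guest($db, $username, $password);
echo $guest ? "Login OK\n" : "Invalid username or password\n";
```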