使使用MySQL的PHP代码与MsSQL一起工作
我们有一个由一群学生开发的项目,作为他们硕士学位期末项目的一部分。整体解决方案效果很好,不幸的是,它是为MySQL数据库开发的,我们使用的是MsSQL服务器数据库 我一直在努力等待,但我没有真正取得任何进展。在本地机器上,我运行的是一台带有PHP5.3.29和SQLServer2012的Apache服务器 来自phpinfo()的信息; Apache版本Apache/2.2.25(Win32)PHP/5.3.29 我看不到phpinfo()中提到mssql,但在PHP.ini中,我有以下内容:使使用MySQL的PHP代码与MsSQL一起工作,php,mysql,sql-server,Php,Mysql,Sql Server,我们有一个由一群学生开发的项目,作为他们硕士学位期末项目的一部分。整体解决方案效果很好,不幸的是,它是为MySQL数据库开发的,我们使用的是MsSQL服务器数据库 我一直在努力等待,但我没有真正取得任何进展。在本地机器上,我运行的是一台带有PHP5.3.29和SQLServer2012的Apache服务器 来自phpinfo()的信息; Apache版本Apache/2.2.25(Win32)PHP/5.3.29 我看不到phpinfo()中提到mssql,但在PHP.ini中,我有以下内容:
[MSSQL]
; Allow or prevent persistent links.
mssql.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
mssql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1 means no limit.
mssql.max_links = -1
; Minimum error severity to display.
mssql.min_error_severity = 10
; Minimum message severity to display.
mssql.min_message_severity = 10
; Compatibility mode with old versions of PHP 3.0.
mssql.compatability_mode = Off
; Connect timeout
;mssql.connect_timeout = 5
; Query timeout
;mssql.timeout = 60
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textlimit = 4096
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textsize = 4096
; Limits the number of records in each batch. 0 = all records in one batch.
;mssql.batchsize = 0
; Specify how datetime and datetim4 columns are returned
; On => Returns data converted to SQL server settings
; Off => Returns values as YYYY-MM-DD hh:mm:ss
;mssql.datetimeconvert = On
; Use NT authentication when connecting to the server
mssql.secure_connection = On
; Specify max number of processes. -1 = library default
; msdlib defaults to 25
; FreeTDS defaults to 4096
;mssql.max_procs = -1
; Specify client character set.
; If empty or not set the client charset from freetds.conf is used
; This is only used when compiled with FreeTDS
;mssql.charset = "ISO-8859-1"
$myServer = "localhost";
$myUser = "sa";
$myPass = "sa123";
$myDB = "st";
//connection to the database
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
or die("Couldn't connect to SQL Server on $myServer");
die();
$selected = mssql_select_db($myDB, $dbhandle)
or die("Couldn't open database $myDB");
<?php
error_reporting(E_ALL);
session_start(); // Starting Session
require("includes/db_connect.php");
$hint = "";
$username=$_POST["username"];
$password=$_POST["password"];
/*=============================================================
SQL INJECTION PREVENTION
===============================================================*/
$PRElist = array();
$PREsql = "SELECT Username, Password FROM tblUsers ;";
$PREresult = mssql_query($PREsql);
//if (mysqli_num_rows($PREresult)>0)
if (1 == 1){
// output data of each row
while($row = mssql_fetch_assoc($PREresult)) {
$PRElist[]= strtolower($row['Username']);
$PRElist[strtolower($row['Username'])]=$row['Password'];
}
}//to prevent sql injection
//=======================START LOOKING UP THE USER==================
if ((in_array(strtolower($username), $PRElist))&&($PRElist[strtolower($username)]==$password))
{
$sql = "SELECT UserId, Username, Password FROM tblUsers where Username='$username' AND Password='$password'";
$result = mssql_query($sql);
$numRows = mssql_num_rows($result);
if ($numRows > 0) {
// output data of each row
while($row = mssql_fetch_assoc($result)) {
$hint=""; //initialize the hint string..
if (strtolower($username)==strtolower($row["Username"])){
$userID= $row["UserId"];
$sql = "SELECT GroupId FROM tblUserGroups where UserId='$userID'";
$result = mssql_query($sql);
$numRows1 = mssql_num_rows($result);
if ($numRows1 > 0) {
// output data of each row
while($row = mssql_fetch_assoc($result)) {
switch ($row["GroupId"]) {
case '1':
header("location: home.php"); // Redirecting To Other Page
$hint="<span style='color:green'> This username is registered </span>";
$_SESSION['login_user']=$username; // Initializing Session
$_SESSION['login_pass']=$password; // Initializing Session# code...
$_SESSION['userID']=$userID; // Initializing Session# code...
break;
case '2':
header("location: Team_Home.php"); // Redirecting To Other Page
$hint="<span style='color:green'> This username is registered </span>";
$_SESSION['login_user']=$username; // Initializing Session
$_SESSION['login_pass']=$password; // Initializing Session# code...
$_SESSION['userID']=$userID; // Initializing Session# code...
break;
case '3':
header("location: Staff_Home.php"); // Redirecting To Other Page
$hint="<span style='color:green'> This username is registered </span>";
$_SESSION['login_user']=$username; // Initializing Session
$_SESSION['login_pass']=$password; // Initializing Session# code...
$_SESSION['userID']=$userID; // Initializing Session# code...
break;
default:
$hint="<span style='color:red'>Not registered...</span>";
header("location: index.php"); // Redirecting To Other Page
break;
}
}
}
}
else
{
$hint="<span style='color:red'>Not registered...</span>";
header("location: index.php"); // Redirecting To Other Page
}
}
}
}
else{
header("location: index.php"); // Redirecting To Other Page
$hint="<span style='color:red'>Not registered...</span>";
}
echo $hint;
mssql_close($conn);
如果你得到一个白色屏幕,这意味着你的php代码中有语法错误,你是否尝试过错误报告(E_ALL)?我尝试了错误报告,但仍然没有任何结果。这段代码非常不安全,那些“硕士生”确实需要学习一些安全方面的知识。此脚本易受SQL注入攻击。此外,您的php版本是旧的。你能从你的phpinfo()中添加一些信息吗;他们在文件的开头有一些防止SQL注入的代码,我只是没有把它包括在文章中。是否要完整的phpinfo();结果或者你在寻找什么信息?即使它触发了die()
,他至少会看到消息而不是白色屏幕。哎呀,那只是我在做的一些调试!没有模具的结果相同();though@Rushikumar如果在代码的开头设置die()
,您会看到什么消息?@Ultrazz008您指的是这个,对吗<代码>$dbhandle=mssql_connect($myServer、$myUser、$myPass)或die(“无法连接到$myServer上的SQL Server”)否,后面的那行。。它是die()单独。
$myServer = "localhost";
$myUser = "sa";
$myPass = "sa123";
$myDB = "st";
//connection to the database
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
or die("Couldn't connect to SQL Server on $myServer");
die(); // whats this for? it can cause white screen.**
$selected = mssql_select_db($myDB, $dbhandle)
or die("Couldn't open database $myDB");