如何将PHP4.0登录脚本升级到PHP5.6?
下面我的脚本在PHP4.0上运行得很好,但我的ISP升级到PHP5.6,现在似乎有问题(它没有连接到mySQL等),非常感谢您的帮助 非常感谢如何将PHP4.0登录脚本升级到PHP5.6?,php,mysql,login,php-5.6,php4,Php,Mysql,Login,Php 5.6,Php4,下面我的脚本在PHP4.0上运行得很好,但我的ISP升级到PHP5.6,现在似乎有问题(它没有连接到mySQL等),非常感谢您的帮助 非常感谢 <?php $userdb="var1"; $pass="var2"; $database="var3"; mysql_connect("sql.servername.com",$userdb,$pass); @mysql_select_db($database) or die ( header('location: status4.htm')
<?php
$userdb="var1";
$pass="var2";
$database="var3";
mysql_connect("sql.servername.com",$userdb,$pass);
@mysql_select_db($database) or die ( header('location: status4.htm') );
$match = "select id from USER_ACCOUNTS where username = '$username' and password = '$password'";
$qry = mysql_query($match)
or die ( header('location: status.htm?status=9') );
$num_rows = mysql_num_rows($qry);
// Valid Username and Password
if ($num_rows > 0) {
$qry = "SELECT * FROM USER_ACCOUNTS WHERE username like '%" . $username . "%'";
$res = mysql_query($qry);
$output='';
while($row = mysql_fetch_assoc($res)){
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
?>
我猜在旧版本中,您启用了
register\u globals$username$password
$username=$_请求['username'];
$password=$_请求['password'];
话虽如此,代码中的每一行都会尖叫出错误的做法和可能的漏洞。如果你在一个富有成效的网站上使用它,我强烈建议你获得一些帮助来进行彻底的改头换面。下面是PDO准备的声明示例
<?php
error_reporting(1);
ini_set('display_errors', '1');
// mysql connection
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';
$dbh = new PDO('mysql:host='.$db_host.';dbname='.$db_name.';charset=utf8', $db_user, $db_pass);
// submit form
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $dbh->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = :username AND password = :password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
// Valid Username and Password
if ($number_of_rows > 0)
{
$row = $stmt->fetchAll();
$output = '';
while($row)
{
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
}
?>
<form action="" method="post">
<input type="text" name="username" placeholder="Username"><br />
<input type="password" name="password" placeholder="Password"><br />
<input type="submit" name="submit" value="Login">
</form>
<?php
error_reporting(1);
ini_set('display_errors', '1');
// mysql connection
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';
$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);
/* check connection */
if (mysqli_connect_errno())
{
echo "Connect failed: " . mysqli_connect_error();
exit();
}
// submit form
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = ? AND password = ?"))
{
/* bind parameters for markers */
$stmt->bind_param("s", $username);
$stmt->bind_param("s", $password);
/* execute query */
$stmt->execute();
$number_of_rows = $stmt->rowCount();
// Valid Username and Password
if ($number_of_rows > 0)
{
$row = $stmt->fetchAll();
$output = '';
while($row)
{
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
/* close statement */
$stmt->close();
}
}
$mysqli->close();
?>
<?php
error_reporting(1);
ini_set('display_errors', '1');
$conn = mysqli_connect('host', 'username', 'password', 'table name');
/* check connection */
if (mysqli_connect_errno())
{
echo "Connect failed: " . mysqli_connect_error();
exit();
}
// submit form
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysqli_query($conn, "SELECT * FROM USER_ACCOUNTS WHERE username = '$username' AND password = '$password'");
if ($query)
{
// Valid Username and Password
if (mysqli_row_count($query) > 0)
{
$row = mysqli_fetch_array($query);
$output = '';
while($row)
{
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
}
}
?>
mysql.*
扩展不推荐使用,请使用mysqli
insteadmysql扩展可能不推荐使用,但在php 7之前不会删除。但是,如果您使用mysqli扩展会更好当您询问错误时,请始终发布错误日志。要在php代码中启用错误报告,请附加error\u reporting(E\u ALL);ini_集('display_errors','1')在脚本顶部,它返回什么?始终将问题相关信息添加到问题本身中。这样,未来的读者就不必通过梳理评论来理解整个故事。请编辑您的问题,然后删除带有错误消息的评论。感谢Nazareno-我正在使用html前端(输入框)添加用户名和密码,我只需运行调试脚本(不登录)即可查看它将通过whi@Mario出现什么错误-我已完全按照您概述的方式复制了脚本,并仅更新了以下内容(4)行(带有我的变量),但它不起作用(最初的PHP4.0脚本工作了5年多,直到上周ISP升级)//mysql连接$db_host='abc.server.com'$db_user='user35400'$db_pass='pass123'$db_name='ADMIN_mydatabase_com'@ServerProgrammer若并没有任何错误,那个么脚本就可以正常工作。这是PDO连接,它适用于所有版本的php。我对它进行了测试,效果很好。在过去5年多的时间里,我使用了上述(4)个变量,不确定我遗漏了什么?我完全按照您更新(4)个变量的方式运行了脚本,我只是测试了一下,看看连接后脚本是否回显“1”的状态值,并且脚本似乎没有走到这一步(不返回任何内容)
<?php
error_reporting(1);
ini_set('display_errors', '1');
$conn = mysqli_connect('host', 'username', 'password', 'table name');
/* check connection */
if (mysqli_connect_errno())
{
echo "Connect failed: " . mysqli_connect_error();
exit();
}
// submit form
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysqli_query($conn, "SELECT * FROM USER_ACCOUNTS WHERE username = '$username' AND password = '$password'");
if ($query)
{
// Valid Username and Password
if (mysqli_row_count($query) > 0)
{
$row = mysqli_fetch_array($query);
$output = '';
while($row)
{
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
}
}
?>