How do I upgrade my PHP 4.0 login script to PHP 5.6?

My script below runs perfectly on PHP 4.0, but my ISP upgraded to PHP 5.6 and now it seems to have problems (it doesn't connect to MySQL, etc.). Any help is appreciated.

Many thanks

<?php
$userdb="var1";
$pass="var2";
$database="var3";

mysql_connect("sql.servername.com",$userdb,$pass);
@mysql_select_db($database) or die ( header('location: status4.htm') );
$match = "select id from USER_ACCOUNTS where username = '$username' and password = '$password'";
$qry = mysql_query($match)
or die ( header('location: status.htm?status=9') );
$num_rows = mysql_num_rows($qry); 

// Valid Username and Password
if ($num_rows > 0) { 
$qry = "SELECT * FROM USER_ACCOUNTS WHERE username like '%" . $username . "%'";
$res = mysql_query($qry);
$output='';
while($row = mysql_fetch_assoc($res)){
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
?>

Here is the MySQL 4.0 table

id  viewUsername  viewPassword  username  password  name   title    email   admin  file   file2  file3  file4
1                               user1     pass123   USER1  Manager  email1  1      file1  file2  file3  file4

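I'm guessing that on your old version you had register_globals enabled, so $username and $password directly received what was posted from the form; that is no longer happening.

A quick fix is to add this at the beginning of your PHP code: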

$username = $_REQUEST['username']; $password = $_REQUEST['password'];

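That being said, every line of your code screams bad practice and possible vulnerabilities. If you are using this on a production website, I strongly suggest you get some help for a complete overhaul.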

Here is an example of PDO prepared statements

<?php

error_reporting(1);
ini_set('display_errors', '1');

// mysql connection
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';

$dbh = new PDO('mysql:host='.$db_host.';dbname='.$db_name.';charset=utf8', $db_user, $db_pass);

// submit form
if (isset($_POST['submit']))
{

    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt = $dbh->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = :username AND password = :password");
    $stmt->bindParam(':username', $username);
    $stmt->bindParam(':password', $password);
    $stmt->execute();
    // Fetch all matching rows once; fetchColumn() would consume the first row
    // and return its first column, not a row count
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Valid Username and Password
    if (count($rows) > 0)
    {
        $output = '';

        foreach ($rows as $row)
        {
            // loop through all returned results
            $output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
            echo "&status=1";
            echo $output;
        }
    }

}

?>

And the HTML form

<form action="" method="post">
    <input type="text" name="username" placeholder="Username"><br />
    <input type="password" name="password" placeholder="Password"><br />
    <input type="submit" name="submit" value="Login">
</form>

Update

<?php

error_reporting(1);
ini_set('display_errors', '1');

// mysql connection
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';

$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);

/* check connection */
if (mysqli_connect_errno())
{
    echo "Connect failed: " . mysqli_connect_error();
    exit();
}

// submit form
if (isset($_POST['submit']))
{

    $username = $_POST['username'];
    $password = $_POST['password'];

    /* create a prepared statement */
    if ($stmt = $mysqli->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = ? AND password = ?"))
    {
        /* bind both parameters in one call: one type character per marker */
        $stmt->bind_param("ss", $username, $password);

        /* execute query */
        $stmt->execute();

        /* get_result() requires the mysqlnd driver */
        $result = $stmt->get_result();

        // Valid Username and Password
        if ($result->num_rows > 0)
        {
            $output = '';

            while ($row = $result->fetch_assoc())
            {
                // loop through all returned results
                $output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
                echo "&status=1";
                echo $output;
            }
        }

        /* close statement */
        $stmt->close();
    }
}
$mysqli->close();
?>

Then try this

<?php

error_reporting(1);
ini_set('display_errors', '1');


// the fourth argument is the database name
$conn = mysqli_connect('host', 'username', 'password', 'database name');

/* check connection */
if (mysqli_connect_errno())
{
    echo "Connect failed: " . mysqli_connect_error();
    exit();
}

// submit form
if (isset($_POST['submit']))
{

    // escape the values before placing them inside the quoted SQL literals
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);

    $query = mysqli_query($conn, "SELECT * FROM USER_ACCOUNTS WHERE username = '$username' AND password = '$password'");

    if ($query)
    {
        // Valid Username and Password
        if (mysqli_num_rows($query) > 0)
        {
            $output = '';

            // fetch one row per iteration until the result set is exhausted
            while ($row = mysqli_fetch_assoc($query))
            {
                // loop through all returned results
                $output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
                echo "&status=1";
                echo $output;
            }
        }
    }
        }
    }
}

?>
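
An added example, not code from the question or the answers: a login lookup that matches the username exactly (the question's second query uses LIKE '%…%', which also returns other accounts whose username contains the string), checks a stored hash with password_verify(), and never echoes credential fields back to the client. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the pass_hash column and the &status=0 failure reply are hypothetical, and the sample rows are constructed.

```php
<?php
// Added example. Assumptions: SQLite in memory stands in for MySQL (same PDO API),
// pass_hash is a hypothetical column replacing the plaintext password column.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE USER_ACCOUNTS (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
            pass_hash TEXT, name TEXT, title TEXT, email TEXT, admin INTEGER)");

// Constructed sample rows; only hashes are stored (password_hash needs PHP >= 5.5)
$ins = $dbh->prepare("INSERT INTO USER_ACCOUNTS (username, pass_hash, name, title, email, admin)
                      VALUES (?, ?, ?, ?, ?, ?)");
$ins->execute(array('user1', password_hash('pass123', PASSWORD_DEFAULT), 'USER1', 'Manager', 'email1', 1));
$ins->execute(array('user10', password_hash('other-pass', PASSWORD_DEFAULT), 'USER10', 'Clerk', 'email10', 0));

function login(PDO $dbh, $username, $password)
{
    // Exact match with a bound placeholder: the input stays data, and 'user1'
    // cannot pull in 'user10' the way LIKE '%user1%' would
    $stmt = $dbh->prepare("SELECT username, pass_hash, name, title, email, admin
                           FROM USER_ACCOUNTS WHERE username = :username");
    $stmt->execute(array(':username' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;                 // unknown user and wrong password get the same reply
    }
    unset($row['pass_hash']);        // credential material never leaves the server
    return $row;
}

function render($row)
{
    // http_build_query() URL-encodes each value, so a '&' or '=' stored in a
    // field cannot add or overwrite parameters in the reply
    return $row === null ? '&status=0' : '&status=1&' . http_build_query($row);
}

echo render(login($dbh, 'user1', 'pass123')), "\n";   // valid login
echo render(login($dbh, 'user1', 'wrong')), "\n";     // wrong password
echo render(login($dbh, "user'1", 'pass123')), "\n";  // quote in input is just data
```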