PHP 7 警告:输入中的意外字符:'

【问题标题】:PHP 7 Warning: Unexpected character in input: 'PHP 7 警告:输入中的意外字符:'
【发布时间】:2017-09-05 05:21:51
【问题描述】:

每次我在这个文件中运行一个函数时,无论该函数是否包含在另一个文件中,都会不断弹出以下错误,我似乎无法识别出破坏它的代码。

当我删除一个函数时,同样的错误会出现在完全不同的行上。

警告:输入中的意外字符:' in Z:\WEB\cgit\functions\tools.php 第 125 行

<?php
    function connect() {
        $conn = oci_connect($username, $password, 'localhost:1521/xe');
        if (!$conn) {
            $e = oci_error();
            trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
        } else return $conn;
    } //end connect
    // /Used to check if a row with the specified value exist in a table
    // /INPUT $attribute: index name in $_GET or $_POST
    // /INPUT $table: name of table in database
    // /INPUT $column: name of column to check against in database
    // /INPUT $getOrpost: specifies where the data is stored, options:$_GET or $_POST
    function CheckExist($attribute, $table, $column, $getOrpost) {
        if (isset($getOrpost)) {
            if (!empty($getOrpost) && !empty($getOrpost[$attribute])) {
                $input = htmlspecialchars($getOrpost[$attribute]);
                $pdo = connect();
                $sql = 'SELECT COUNT(' . $column . ') FROM ' . $table . ' where ' . $column . ' = :attribute';
                $prepare = oci_parse($pdo, $sql);
                oci_bind_by_name($prepare, ':attribute', $input);
                if (oci_execute($prepare)) {
                    $res = oci_fetch_array($prepare, OCI_ASSOC + OCI_RETURN_NULLS);
                    if ($res['COUNT(' . $column . ')'] != 0) {
                        return true;
                    } else {
                        return false;
                    }
                } else {
                    $e = oci_error($prepare);
                    echo $e['message'];
                }
            }
        }
    }
    function CheckExistExt($attribute, $table, $column, $wherecolumn) {
        if (isset($attribute)) {
            if (!empty($attribute)) {
                $input = htmlspecialchars($attribute);
                $pdo = connect();
                $sql = 'SELECT COUNT(' . $column . ') FROM ' . $table . ' where ' . $wherecolumn . ' = :attribute';
                $prepare = oci_parse($pdo, $sql);
                oci_bind_by_name($prepare, ':attribute', $input);
                if (oci_execute($prepare)) {
                    $res = oci_fetch_array($prepare, OCI_ASSOC + OCI_RETURN_NULLS);
                    if ($res['COUNT(' . $column . ')'] != 0) {
                        return true;
                    } else {
                        return false;
                    }
                } else {
                    $e = oci_error($prepare);
                    echo $e['message'];
                    exit();
                }
            }
        }
    }
    // /Used to return single cell from database
    // /INPUT $table: table in the database where to look for the data
    // /INPUT $column: the name of the column you want to select
    // /INPUT $where_column: the name of the column that contains the data that needs to match the input
    // /INPUT $where: the data that will be looked for in the specified column.
    function GrabData($table, $column, $where_column, $where) {
        $input = $where;
        $pdo = connect();
        $sql = 'SELECT ' . $column . ' FROM ' . $table . ' where ' . $where_column . ' = :attribute';
        $prepare = oci_parse($pdo, $sql);
        oci_bind_by_name($prepare, ':attribute', $input);
        if (oci_execute($prepare)) {
            $res = oci_fetch_array($prepare, OCI_ASSOC + OCI_RETURN_NULLS);
            if ($res != null) {
                return $res;
            } else {
                return false;
            }
        } else {
            $e = oci_error($prepare);
            echo $e['message'];
        }
    }
    // /Used to return the results of a specified mySQL query
    // /$query is the basic mySQL query eg: "SELECT * FROM users WHERE email = :email AND password = :password".
    // /$bind is a nested array, must be in pairs, eg: 'array(array(':email', 'generic@email.com'), array(':password', 'passwordtext'))'
    function GrabMoreData($query, $bind = null) {
        $pdo = connect();
        $sql = $query;
        $prepare = oci_parse($pdo, $sql);
        if (!empty($bind)) {
            foreach ($bind as $attribute) {
                oci_bind_by_name($prepare, $attribute[0], $attribute[1]);
                /*                                 echo $attribute[0]." ".$attribute[1];*/
            }
        }
        if (oci_execute($prepare)) {
            $res = oci_fetch_array($prepare, OCI_ASSOC + OCI_RETURN_NULLS);
            if ($res != null) {
                return $res;
            } else {
                return false;
            }
        } else {
            $e = oci_error($prepare);
            echo $e['message'];
        }
    }
    function GrabAllData($query, $bind = null) {
        $pdo = connect();
        $sql = $query;
        $prepare = oci_parse($pdo, $sql);
        if (!empty($bind)) {
            foreach ($bind as $attribute) {
                oci_bind_by_name($prepare, $attribute[0], $attribute[1]);
            }
        }
        if (oci_execute($prepare)) {
            oci_fetch_all($prepare, $res);
            if ($res != null) {
                return $res;
            } else {
                return false;
            }
        } else {
            $e = oci_error($prepare);
            echo $e['message'];
        }
    }
    function InsertData($query, $bind = null) {
        $pdo = connect();
        $sql = $query;
        $prepare = oci_parse($pdo, $sql);
        if (!empty($bind)) {
            foreach ($bind as $attribute) {
                oci_bind_by_name($prepare, $attribute[0], $attribute[1]);
            }
        }
        if (oci_execute($prepare)) {
            return 'success';
        } else {
            $e = oci_error($prepare);
            echo $e['message'];
        }
    }
    ?>

【问题讨论】:

  • 您一定忘记了代码中某处的结束引号或分号。
  • Nooooo.....这种编程正好适合执行SQL注入攻击。

标签: php oracle function syntax-error runtime-error


【解决方案1】:

我也遇到了这个问题,我解决了! 在类大括号之后的代码末尾,您可能会清除多余的行和 PHP 结束标记 ?&gt;

<?php
function connect() {
    $conn = oci_connect($username, $password, 'localhost:1521/xe');
    if (!$conn) {
        $e = oci_error();
        trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
    } else return $conn;
} //end connect
// /Used to check if a row with the specified value exist in a table
// /INPUT $attribute: index name in $_GET or $_POST
// /INPUT $table: name of table in database
// /INPUT $column: name of column to check against in database
// /INPUT $getOrpost: specifies where the data is stored, options:$_GET or $_POST
function CheckExist($attribute, $table, $column, $getOrpost) {
    if (isset($getOrpost)) {
        if (!empty($getOrpost) && !empty($getOrpost[$attribute])) {
            $input = htmlspecialchars($getOrpost[$attribute]);
            $pdo = connect();
            $sql = 'SELECT COUNT(' . $column . ') FROM ' . $table . ' where ' . $column . ' = :attribute';
            $prepare = oci_parse($pdo, $sql);
            oci_bind_by_name($prepare, ':attribute', $input);
            if (oci_execute($prepare)) {
                $res = oci_fetch_array($prepare, OCI_ASSOC + OCI_RETURN_NULLS);
                if ($res['COUNT(' . $column . ')'] != 0) {
                    return true;
                } else {
                    return false;
                }
            } else {
                $e = oci_error($prepare);
                echo $e['message'];
            }
        }
    }
}
function CheckExistExt($attribute, $table, $column, $wherecolumn) {
    if (isset($attribute)) {
        if (!empty($attribute)) {
            $input = htmlspecialchars($attribute);
            $pdo = connect();
            $sql = 'SELECT COUNT(' . $column . ') FROM ' . $table . ' where ' . $wherecolumn . ' = :attribute';
            $prepare = oci_parse($pdo, $sql);
            oci_bind_by_name($prepare, ':attribute', $input);
            if (oci_execute($prepare)) {
                $res = oci_fetch_array($prepare, OCI_ASSOC + OCI_RETURN_NULLS);
                if ($res['COUNT(' . $column . ')'] != 0) {
                    return true;
                } else {
                    return false;
                }
            } else {
                $e = oci_error($prepare);
                echo $e['message'];
                exit();
            }
        }
    }
}
// /Used to return single cell from database
// /INPUT $table: table in the database where to look for the data
// /INPUT $column: the name of the column you want to select
// /INPUT $where_column: the name of the column that contains the data that needs to match the input
// /INPUT $where: the data that will be looked for in the specified column.
function GrabData($table, $column, $where_column, $where) {
    $input = $where;
    $pdo = connect();
    $sql = 'SELECT ' . $column . ' FROM ' . $table . ' where ' . $where_column . ' = :attribute';
    $prepare = oci_parse($pdo, $sql);
    oci_bind_by_name($prepare, ':attribute', $input);
    if (oci_execute($prepare)) {
        $res = oci_fetch_array($prepare, OCI_ASSOC + OCI_RETURN_NULLS);
        if ($res != null) {
            return $res;
        } else {
            return false;
        }
    } else {
        $e = oci_error($prepare);
        echo $e['message'];
    }
}
// /Used to return the results of a specified mySQL query
// /$query is the basic mySQL query eg: "SELECT * FROM users WHERE email = :email AND password = :password".
// /$bind is a nested array, must be in pairs, eg: 'array(array(':email', 'generic@email.com'), array(':password', 'passwordtext'))'
function GrabMoreData($query, $bind = null) {
    $pdo = connect();
    $sql = $query;
    $prepare = oci_parse($pdo, $sql);
    if (!empty($bind)) {
        foreach ($bind as $attribute) {
            oci_bind_by_name($prepare, $attribute[0], $attribute[1]);
            /*                                 echo $attribute[0]." ".$attribute[1];*/
        }
    }
    if (oci_execute($prepare)) {
        $res = oci_fetch_array($prepare, OCI_ASSOC + OCI_RETURN_NULLS);
        if ($res != null) {
            return $res;
        } else {
            return false;
        }
    } else {
        $e = oci_error($prepare);
        echo $e['message'];
    }
}
function GrabAllData($query, $bind = null) {
    $pdo = connect();
    $sql = $query;
    $prepare = oci_parse($pdo, $sql);
    if (!empty($bind)) {
        foreach ($bind as $attribute) {
            oci_bind_by_name($prepare, $attribute[0], $attribute[1]);
        }
    }
    if (oci_execute($prepare)) {
        oci_fetch_all($prepare, $res);
        if ($res != null) {
            return $res;
        } else {
            return false;
        }
    } else {
        $e = oci_error($prepare);
        echo $e['message'];
    }
}
function InsertData($query, $bind = null) {
    $pdo = connect();
    $sql = $query;
    $prepare = oci_parse($pdo, $sql);
    if (!empty($bind)) {
        foreach ($bind as $attribute) {
            oci_bind_by_name($prepare, $attribute[0], $attribute[1]);
        }
    }
    if (oci_execute($prepare)) {
        return 'success';
    } else {
        $e = oci_error($prepare);
        echo $e['message'];
    }
}

【讨论】:

    猜你喜欢
    • 2014-07-23
    • 2015-12-24
    • 2011-12-11
    • 2019-08-02
    • 1970-01-01
    • 2020-06-11
    • 2019-04-20
    • 2013-09-14
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode