【发布时间】:2020-06-04 06:23:03
【问题描述】:
我面临着很大的挑战。我有我的函数where(),它跟踪用户在网站上的访问位置,并获取脚本文件名并提供描述并插入数据库。
该脚本一直运行良好,直到最近,并且在最近从 MySQL 5.6.40 到 5.6.47
我不确定这是否与它有关,但几天后我发现它不再工作了。
我们的功能:
function where($scriptname = "index", $userid, $update=1){
if (!is_valid_id($userid))
die;
if (preg_match("/details.php/i", $scriptname))
$where = "Browsing File Details (ID $_GET[id])";
elseif (preg_match("/files.php/i", $scriptname))
$where = "Browsing Files";
elseif (preg_match("/account-info.php/i", $scriptname))
$where = "Browsing Account Info (ID $_GET[id])";
elseif (preg_match("/upload.php/i", $scriptname))
$where = "Uploading File";
elseif (preg_match("/account.php/i", $scriptname))
$where = "Browsing User Control Panel";
elseif (preg_match("/search.php/i", $scriptname))
$where = "Searching For Files";
elseif (preg_match("/forums.php/i", $scriptname))
$where = "Viewing Forums";
elseif (preg_match("/index.php/i", $scriptname))
$where = "Browsing Homepage";
elseif (preg_match("/mailbox.php/i", $scriptname))
$where = "Viewing Messages";
elseif (preg_match("/comments.php/i", $scriptname))
$where = "Viewing Comments";
elseif (preg_match("/recover.php/i", $scriptname))
$where = "Recovering Account";
elseif (preg_match("/bookmarks.php/i", $scriptname))
$where = "Viewing Bookmarks";
elseif (preg_match("/getfile.php/i", $scriptname))
$where = "Downloaded File (ID $_GET[id])";
elseif (preg_match("/faq.php/i", $scriptname))
$where = "Reading FAQ Page";
elseif (preg_match("/friends.php/i", $scriptname))
$where = "Viewing Friends";
elseif (preg_match("/admin.php/i", $scriptname))
$where = "Managing Admin Panel";
else
$where = "Unknown Location";
if ($update) {
// Worked until a few days ago. No site changes were made prior for quite some time.
//$query = sprintf("UPDATE users SET page=".sqlesc($where)." WHERE id ='%s'", mysql_real_escape_string($userid));
// Now using line below, which does insert into row if I use my own variable.
$query = "UPDATE users SET last_access='" . get_date_time() . "', page=" . sqlesc($where) . " WHERE id=" . $userid;
$result = SQL_Query_exec($query);
}
return $where;
}
现在,我已尝试使用以下代码将其范围缩小到导致它的原因。目前,上面的函数只插入
未知位置
到数据库,无论查看什么页面。
我明白了:
$stringtest = "This inserts into database!";
$query = "UPDATE users SET last_access='" . get_date_time() . "', page=" . sqlesc($stringtest) . " WHERE id=" . $userid;
这很好用,但是它没有通过任何$where 条件。
我尝试了各种正则表达式来匹配文件名,但无济于事。
知道我做错了什么吗?
提前致谢!
【问题讨论】:
-
你应该学会使用准备好的语句,而不是将字符串连接到 SQL 中。
-
“未知位置”发生在任何 SQL 完成之前。调试
$scriptname传递给此函数的内容。 -
把
var_dump($scriptname, $where)放在if/else之后。 -
@Barmar - 我已经使用了你的建议 var_dump 这就是产生的结果: string(55) "/usr/local/www/htdocs/details.php" string(33) "Browsing File Details (ID 193)" 不太确定如何处理这个问题。似乎在技术上可行,但不会更新行?
-
我不知道为什么第一个
preg_match()与那个名字不匹配。
标签: php mysql regex preg-match