大家好,有一个站点,在配置数据库调用时不能将mysql修改为mysqli,以下是config.php文件查询语句: <?php // 数据库配置 $dbhost = 'localhost'; $dbuser = 'root'; $dbpasswd = 'passwd'; $dbname = 'name'; error_reporting(0); // 创建mysqli连接 $conn = mysqli_connect($dbhost,$dbuser,$dbpasswd); $mysqli = mysql_connect($dbhost,$dbuser,$dbpasswd,$dbname); if (!$conn) { die("连接失败: " . mysqli_connect_error()); } if (!mysqli_set_charset($conn, "utf8mb4")) { die("设置字符集失败: " . mysqli_error($conn)); } // 在所有数据库操作完成后关闭连接 mysqli_close($conn);
function idtocn($id,$table) { $sql="select * from ".$table." where id=".$id.""; global $dbname; $result = mysqli_query($dbname, $sql); $rs=mysqi_fetch_array($result); return $rs["cnClass"]; } public function utfSubstr($str, $position, $length){ $type=1; $startPos = strlen($str); $startByte = 0; $endPos = strlen($str); $count = 0; for($i=0; $i<strlen($str); $i++){ if($count>=$position && $startPos>$i){ $startPos = $i; $startByte = $count; } if(($count-$startByte) >= $length) { $endPos = $i; break; } $value = ord($str[$i]); if($value > 127){ $count++; if($value>=192 && $value<=223) $i++; elseif($value>=224 && $value<=239) $i = $i + 2; elseif($value>=240 && $value<=247) $i = $i + 3; else return self::raiseError("\"$str\" Not a UTF-8 compatible string", 0, __CLASS__, __METHOD__, __FILE__, __LINE__); } $count++;
} if($type==1 && ($endPos-6)>$length){ return substr($str, $startPos, $endPos-$startPos)."..."; }else{ return substr($str, $startPos, $endPos-$startPos); } } } $newsOB=new newsNr(); ?>
以下是需要调用数据库的show.php内容页,代码如下: <?php include("../include/config.php"); // 获取并处理id $id = isset($_REQUEST["id"]) ? $_REQUEST["id"] : ''; if($id == ""){ $cnClass = "最新资讯"; } else { $cnClass = mysqli_real_escape_string($conn, $id); // 假设id就是cnClass $sql = "SELECT * FROM news WHERE cnClass='$cnClass'"; $result = mysqli_query($conn, $sql); if ($result) { $rss = mysqli_fetch_array($result); $cnClass = $rss["cnClass"]; } else { // 查询失败处理 } } // 获取并处理ID $ID = inject_check($_REQUEST["ID"]); $sqlN = "SELECT * FROM news_info WHERE ID='$ID'"; $resultN = mysqli_query($conn, $sqlN); if ($resultN) { $rsN = mysqli_fetch_array($resultN); // 处理信息... } else { // 查询失败处理 } $resultN=mysql_db_query($dbname,$sqlN); $rsN=mysql_fetch_array($resultN); ?> 上述代码因使用了mysql存在被注入,现想将 config.php的$mysqli = mysql_connect($dbhost,$dbuser,$dbpasswd,$dbname);修改为$mysqli = mysqli_connect($dbhost,$dbuser,$dbpasswd,$dbname); 将show.php内容页的 $resultN=mysql_db_query($dbname,$sqlN); $rsN=mysql_fetch_array($resultN); 修改为 $resultN=mysqli_query($dbname,$sqlN); $rsN=mysqli_fetch_array($resultN); 但修改后内容页的标题字段:<h1><?php echo $rsN["title"];?></h1>和正文字段:<?php echo $rsN["content"];?>调用就显示空白,请问要如何修改才能正常显示标题和内容等调用呢?麻烦路过的大神帮忙修改一下,非常感谢!
|