PHP 警告:mysqli::query():无法获取 mysqli
PHP Warning: mysqli::query(): Couldn't fetch mysqli
这是我当前的代码:
<?php
$key = $_REQUEST['key'];
$url = $_REQUEST['url'];
include_once '../../dbconnect.php';
$query = $conn->query("SELECT * FROM members WHERE apikey='$key' && status='Active'");
$userRow=$query->fetch_array();
$conn->close();
/// Verify the URL starts with http:// or https://
if (0 === strpos($url, 'http://') || 0 === strpos($url, 'https://')) {
$url = $url;
} else {
$url = "http://$url";
}
/// Verify the key is 32 characters
if (!preg_match('/[^A-Za-z0-9]/', $key) && (strlen($key) == 32)) {
/// Verify the URL isn't malicious
if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
die('Error: Invalid URL');
} else {
if ($userRow['status'] === 'Active') {
function generateRandomString($length = 8) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
$redirect = generateRandomString();
$addshort = $conn->query("INSERT INTO short_".$redirect[0]." (redirect, apikey, url) VALUES ('".$redirect."','".$key."','".$url."')");
if ($conn->query($addshort) === TRUE) {
echo "added correctly";
} else {
echo "there was an error";
}
$conn->close();
} else {
echo "Error: Account Not Active";
}
}
} else {
die('Error: Invalid API Key');
}
?>
这是 error_log:
[18-Oct-2016 12:21:31 America/New_York] PHP Warning: mysqli::query(): Couldn't fetch mysqli in /home/username/public_html/subdomains/url/index.php on line 40
[18-Oct-2016 12:21:31 America/New_York] PHP Warning: mysqli::query(): Empty query in /home/username/public_html/subdomains/url/index.php on line 42
[18-Oct-2016 12:21:31 America/New_York] PHP Warning: mysqli::close(): Couldn't fetch mysqli in /home/username/public_html/subdomains/url/index.php on line 48
你可以看到第7行是我第一次连接数据库的地方:
$query = $conn->query("SELECT * FROM members WHERE apikey='$key' && status='Active'");
那条线路正在运行。但是,我第二次连接执行 INSERT 时,出现了上述错误:
$addshort = $conn->query("INSERT INTO short_".$redirect[0]." (redirect, apikey, url) VALUES ('".$redirect."','".$key."','".$url."')");
我盯着这段代码看了太久,是否遗漏了什么?
您的连接已关闭,在执行第一个 SELECT 语句后,表示连接提前关闭:
$conn->close();
您需要在所有查询或重新建立连接后使用 close()。第一个是更好的选择。
您正在收到用户输入 $_REQUEST['key'],这意味着您的查询已打开 SQL 注入,这将帮助您了解如何使用 [= 阻止您的代码23=]注入:How can I prevent SQL injection in PHP?
这个:
$addshort = $conn->query("INSERT ...')");
^^^^^^^
if ($conn->query($addshort) === TRUE) {
^^^^^
$addshort 是您的查询 result/handle/object,然后您尝试执行 AGAIN,但没有成功。 query() 需要一个 SQL 字符串,而您正在传递一个对象。
除此之外,您还容易受到 sql injection attacks.
的攻击
这是我当前的代码:
<?php
$key = $_REQUEST['key'];
$url = $_REQUEST['url'];
include_once '../../dbconnect.php';
$query = $conn->query("SELECT * FROM members WHERE apikey='$key' && status='Active'");
$userRow=$query->fetch_array();
$conn->close();
/// Verify the URL starts with http:// or https://
if (0 === strpos($url, 'http://') || 0 === strpos($url, 'https://')) {
$url = $url;
} else {
$url = "http://$url";
}
/// Verify the key is 32 characters
if (!preg_match('/[^A-Za-z0-9]/', $key) && (strlen($key) == 32)) {
/// Verify the URL isn't malicious
if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
die('Error: Invalid URL');
} else {
if ($userRow['status'] === 'Active') {
function generateRandomString($length = 8) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
$redirect = generateRandomString();
$addshort = $conn->query("INSERT INTO short_".$redirect[0]." (redirect, apikey, url) VALUES ('".$redirect."','".$key."','".$url."')");
if ($conn->query($addshort) === TRUE) {
echo "added correctly";
} else {
echo "there was an error";
}
$conn->close();
} else {
echo "Error: Account Not Active";
}
}
} else {
die('Error: Invalid API Key');
}
?>
这是 error_log:
[18-Oct-2016 12:21:31 America/New_York] PHP Warning: mysqli::query(): Couldn't fetch mysqli in /home/username/public_html/subdomains/url/index.php on line 40
[18-Oct-2016 12:21:31 America/New_York] PHP Warning: mysqli::query(): Empty query in /home/username/public_html/subdomains/url/index.php on line 42
[18-Oct-2016 12:21:31 America/New_York] PHP Warning: mysqli::close(): Couldn't fetch mysqli in /home/username/public_html/subdomains/url/index.php on line 48
你可以看到第7行是我第一次连接数据库的地方:
$query = $conn->query("SELECT * FROM members WHERE apikey='$key' && status='Active'");
那条线路正在运行。但是,我第二次连接执行 INSERT 时,出现了上述错误:
$addshort = $conn->query("INSERT INTO short_".$redirect[0]." (redirect, apikey, url) VALUES ('".$redirect."','".$key."','".$url."')");
我盯着这段代码看了太久,是否遗漏了什么?
您的连接已关闭,在执行第一个 SELECT 语句后,表示连接提前关闭:
$conn->close();
您需要在所有查询或重新建立连接后使用 close()。第一个是更好的选择。
您正在收到用户输入 $_REQUEST['key'],这意味着您的查询已打开 SQL 注入,这将帮助您了解如何使用 [= 阻止您的代码23=]注入:How can I prevent SQL injection in PHP?
这个:
$addshort = $conn->query("INSERT ...')");
^^^^^^^
if ($conn->query($addshort) === TRUE) {
^^^^^
$addshort 是您的查询 result/handle/object,然后您尝试执行 AGAIN,但没有成功。 query() 需要一个 SQL 字符串,而您正在传递一个对象。
除此之外,您还容易受到 sql injection attacks.
的攻击