如何从另一个文件 php 验证 mysql 数据库连接
How verify mysql database connection from another file php
我创建了一个表单,用户可以在其中添加他的数据库名称、用户名、密码和主机。然后该表单创建一个配置文件并添加用户数据库详细信息。表单位于根目录中,配置文件位于 root/includes 中。我想知道如何从表单文件验证数据库连接。如果连接成功,他可以继续下一步,如果不成功,我想显示错误。
表格
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['db-details']) {
$dbName = $_POST['dbName'];
$dbUsername = $_POST['dbUsername'];
$dbPassword = $_POST['dbPassword'];
$dbHost = $_POST['dbHost'];
$phConfigFile = 'includes/ph_config.php';
file_put_contents($phConfigFile, $phConfigData);
}
配置
<?php
define("DB_HOST", "[dbHost]");
define("DB_USER", "[dbUsername]");
define("DB_PASS", "[dbPassword]");
define("DB_NAME", "[dbName]");
$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
所以如果我没听错,你想知道用户输入的数据是否真的有效以连接到服务器。不验证它。
您可以包含刚刚编写的文件并进行测试。
只需确保您在包含后使用相同的变量名。
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['db-details']) {
$dbName = $_POST['dbName'];
$dbUsername = $_POST['dbUsername'];
$dbPassword = $_POST['dbPassword'];
$dbHost = $_POST['dbHost'];
$phConfigFile = 'includes/ph_config.php';
file_put_contents($phConfigFile, $phConfigData);
include($phConfigFile);
if ($connection->connect_errno) {
//data for the connection isn't valid
echo "Failed to connect to MySQL: " . $connection->connect_error;
exit();
}
}
您确实希望在创建配置文件之前检查连接,因此一旦创建您就知道它会起作用
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['db-details']) {
$dbName = $_POST['dbName'];
$dbUsername = $_POST['dbUsername'];
$dbPassword = $_POST['dbPassword'];
$dbHost = $_POST['dbHost'];
// use error supression so you get to process the error rather
// than PHP throwing an error
$connection = @mysqli_connect($_POST['dbHost'],
$_POST['dbUsername'],
$_POST['dbPassword'],
$_POST['dbName']);
if ( ! $connection ) {
// do whatever you need to when the information passed does not work
exit;
}
// must be valid as we connected
$str = '<?php' . PHP_EOL;
$str .= 'define("DB_HOST", "' . $_POST['dbHost'] . '");' . PHP_EOL;
$str .= 'define("DB_USER", "' . $_POST['dbUsername'] . '");' . PHP_EOL;
$str .= 'define("DB_PASS", "' . $_POST['dbPassword'] . '");' . PHP_EOL;
$str .= 'define("DB_NAME", "' . $_POST['dbName'] . '");' . PHP_EOL;
$str .= '$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);' . PHP_EOL;
// create the config file in all confidence that the values will work
file_put_contents($phConfigFile, $str);
}
这与 RiggsFolly 的回答相同,但有所改进。
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['db-details'])) {
try {
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$connection = new mysqli(
$_POST['dbHost'],
$_POST['dbUsername'],
$_POST['dbPassword'],
$_POST['dbName']
);
$DBconfig = [
'dbHost' => $_POST['dbHost'],
'dbUsername' => $_POST['dbUsername'],
'dbPassword' => $_POST['dbPassword'],
'dbName' => $_POST['dbName']
];
// generate the config file
$contents = '<?php' . PHP_EOL;
$contents .= '$DBconfig = ' . var_export($DBconfig, true) . ';' . PHP_EOL;
$contents .= 'mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);' . PHP_EOL;
$contents .= '$connection = new mysqli(
$DBconfig["dbHost"],
$DBconfig["dbUsername"],
$DBconfig["dbPassword"],
$DBconfig["dbName"]
);';
echo $contents;
} catch (\Exception $e) {
// echo error message here and show the same form.
}
}
基本上,您应该不惜一切代价避免使用错误抑制运算符。值得庆幸的是 PHP 有异常,可以捕获和处理。
如果没有例外,您可以将连接详细信息放在一个数组中,然后将该数组导出到一个字符串中。生成连接文件并保存。
我要改进的另一件事是将其封装在一个函数中,以防止配置细节泄露。
// generate the config file
$contents = '<?php' . PHP_EOL;
$contents .= 'function db_connect():\mysqli { '. PHP_EOL;
$contents .= '$DBconfig = ' . var_export($DBconfig, true) . ';' . PHP_EOL;
$contents .= 'mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);' . PHP_EOL;
$contents .= 'return new mysqli(
$DBconfig["dbHost"],
$DBconfig["dbUsername"],
$DBconfig["dbPassword"],
$DBconfig["dbName"]
);';
$contents .= PHP_EOL;
$contents .= '}'.PHP_EOL;
$contents .= '$connection = db_connect();'.PHP_EOL;
echo $contents;
我创建了一个表单,用户可以在其中添加他的数据库名称、用户名、密码和主机。然后该表单创建一个配置文件并添加用户数据库详细信息。表单位于根目录中,配置文件位于 root/includes 中。我想知道如何从表单文件验证数据库连接。如果连接成功,他可以继续下一步,如果不成功,我想显示错误。
表格
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['db-details']) {
$dbName = $_POST['dbName'];
$dbUsername = $_POST['dbUsername'];
$dbPassword = $_POST['dbPassword'];
$dbHost = $_POST['dbHost'];
$phConfigFile = 'includes/ph_config.php';
file_put_contents($phConfigFile, $phConfigData);
}
配置
<?php
define("DB_HOST", "[dbHost]");
define("DB_USER", "[dbUsername]");
define("DB_PASS", "[dbPassword]");
define("DB_NAME", "[dbName]");
$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
所以如果我没听错,你想知道用户输入的数据是否真的有效以连接到服务器。不验证它。
您可以包含刚刚编写的文件并进行测试。
只需确保您在包含后使用相同的变量名。
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['db-details']) {
$dbName = $_POST['dbName'];
$dbUsername = $_POST['dbUsername'];
$dbPassword = $_POST['dbPassword'];
$dbHost = $_POST['dbHost'];
$phConfigFile = 'includes/ph_config.php';
file_put_contents($phConfigFile, $phConfigData);
include($phConfigFile);
if ($connection->connect_errno) {
//data for the connection isn't valid
echo "Failed to connect to MySQL: " . $connection->connect_error;
exit();
}
}
您确实希望在创建配置文件之前检查连接,因此一旦创建您就知道它会起作用
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['db-details']) {
$dbName = $_POST['dbName'];
$dbUsername = $_POST['dbUsername'];
$dbPassword = $_POST['dbPassword'];
$dbHost = $_POST['dbHost'];
// use error supression so you get to process the error rather
// than PHP throwing an error
$connection = @mysqli_connect($_POST['dbHost'],
$_POST['dbUsername'],
$_POST['dbPassword'],
$_POST['dbName']);
if ( ! $connection ) {
// do whatever you need to when the information passed does not work
exit;
}
// must be valid as we connected
$str = '<?php' . PHP_EOL;
$str .= 'define("DB_HOST", "' . $_POST['dbHost'] . '");' . PHP_EOL;
$str .= 'define("DB_USER", "' . $_POST['dbUsername'] . '");' . PHP_EOL;
$str .= 'define("DB_PASS", "' . $_POST['dbPassword'] . '");' . PHP_EOL;
$str .= 'define("DB_NAME", "' . $_POST['dbName'] . '");' . PHP_EOL;
$str .= '$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);' . PHP_EOL;
// create the config file in all confidence that the values will work
file_put_contents($phConfigFile, $str);
}
这与 RiggsFolly 的回答相同,但有所改进。
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['db-details'])) {
try {
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$connection = new mysqli(
$_POST['dbHost'],
$_POST['dbUsername'],
$_POST['dbPassword'],
$_POST['dbName']
);
$DBconfig = [
'dbHost' => $_POST['dbHost'],
'dbUsername' => $_POST['dbUsername'],
'dbPassword' => $_POST['dbPassword'],
'dbName' => $_POST['dbName']
];
// generate the config file
$contents = '<?php' . PHP_EOL;
$contents .= '$DBconfig = ' . var_export($DBconfig, true) . ';' . PHP_EOL;
$contents .= 'mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);' . PHP_EOL;
$contents .= '$connection = new mysqli(
$DBconfig["dbHost"],
$DBconfig["dbUsername"],
$DBconfig["dbPassword"],
$DBconfig["dbName"]
);';
echo $contents;
} catch (\Exception $e) {
// echo error message here and show the same form.
}
}
基本上,您应该不惜一切代价避免使用错误抑制运算符。值得庆幸的是 PHP 有异常,可以捕获和处理。
如果没有例外,您可以将连接详细信息放在一个数组中,然后将该数组导出到一个字符串中。生成连接文件并保存。
我要改进的另一件事是将其封装在一个函数中,以防止配置细节泄露。
// generate the config file
$contents = '<?php' . PHP_EOL;
$contents .= 'function db_connect():\mysqli { '. PHP_EOL;
$contents .= '$DBconfig = ' . var_export($DBconfig, true) . ';' . PHP_EOL;
$contents .= 'mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);' . PHP_EOL;
$contents .= 'return new mysqli(
$DBconfig["dbHost"],
$DBconfig["dbUsername"],
$DBconfig["dbPassword"],
$DBconfig["dbName"]
);';
$contents .= PHP_EOL;
$contents .= '}'.PHP_EOL;
$contents .= '$connection = db_connect();'.PHP_EOL;
echo $contents;