简单地从 mysql 转换为 mysqli

Simply converting from mysql to mysqli

我想知道是否有人可以指出正确的方向,将我的脚本更改为 mysqli?我完全使用 mysql 构建了下面的脚本并且它可以 完美地工作 但我后来被告知 mysql_ 已贬值,我现在需要使用 mysql我。 (在 mysql_ 消亡之前,我留下了一个充满错误的网站)。

脚本:

<?php

//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);

//This gets all the other information from the form
$name= (isset($_POST['image_author']));
$description= ($_POST['image_description']);
$pic=($_FILES['photo']['name']);


// Connects to your Database
mysql_connect("localhost", "root", "root") or die(mysql_error()) ;
mysql_select_db("image_gallery") or die(mysql_error()) ;

//Writes the information to the database
mysql_query("INSERT INTO images (image_author, image_description, image_pathname)
VALUES ('$name', '$description', '$pic'");

//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

//Tells you if its all ok
echo "The file has been uploaded, and your information has been added to the directory <p> <a href='upload.php'> Go back</a>";
}
else {

//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
?>

你有两个选择。

1- 首先,修复您的代码以 正确地 使用 mysql_* 函数。您现在 完全开放 到 SQL 注射。然后升级。

2-(首选)废弃代码,因为它是错误的且易受攻击。从更好的东西开始,比如 PDO 和准备好的查询,再也不用担心注入了。

我完全同意 Niet the Dark Absol,关于首选方法,例如面向对象的 MySQLi(或 PDO)

但是,不久前我和你处于相似的境地——这里是快速而肮脏的解决方案:

1) 建立到数据库的 MySQLi 连接,替换(注释掉)您当前的连接。

示例:

$dbuser="XXX";
$db="YYY";
$dbpass="TTTTT";
$MysqliLink = mysqli_connect("localhost", $dbuser, $dbpass, $db);
if ( ! $MysqliLink )
    {
    die("Connection Error (" . mysqli_connect_errno() . ") ". mysqli_connect_error());
    mysqli_close($MysqliLink);
    }
mysqli_set_charset($MysqliLink, "utf8");

唯一对您来说可能是新的一点是为 $MysqliLink 使用对您的网站完全独特且不太可能被意外覆盖的变量。完成并设置后,您可以进入第 2 阶段:

2) 使用以下内容搜索并替换您的整个网站:

mysql_query(" --> 变成 --> mysqli_query($MysqliLink, "

mysql_error() --> 变成 --> mysqli_error($MysqliLink)

mysql_ --> 变成 --> mysqli_

有几个函数发生了变化,例如: mysql_num_rows() --> 变成 --> mysqli_num_rows($MysqliLink)

3) 作为附加说明,最好养成使用

的习惯
$valueToInputIntoSql = mysqli_real_escape_string($MysqliLink,$value);

逃避撇号之类的,虽然它不是很完美,但它大大提高了输入的安全性。

4) 我想就是这样了,从我做这件事的记忆到我继承的大约 12 个不同的网站,在整个网站范围内搜索和替换是一个巨大的节省时间的方法,如果有人提醒我要进行其他替换,我会把它们添加到这里。

祝你好运。然后也阅读 OO DB 连接。

试试这个,我用它如下。这里改db_name=你原来的数据库是

db.php(创建单独的连接文件)

$db_hostname = "localhost";  //usually "localhost be default"
$db_username = "root";  //your user name
$db_pass = "root";  //the password for your user
$db_name = "yourdatabasename";  //the name of the database

// connect to database
$db = new mysqli ($db_hostname, $db_username, $db_pass, $db_name);
if ($db->connect_error) {
trigger_error('Database connection failed: '  . $db->connect_error,   E_USER_ERROR);
}

现在这是你的文件

<?php
include('db.php');
//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);

//This gets all the other information from the form
$name= (isset($_POST['image_author']));
$description= ($_POST['image_description']);
$pic=($_FILES['photo']['name']);


// Connects to your Database
mysqli_select_db($db,"image_gallery") or die(mysqli_error($db)); 

//Writes the information to the database
$result = mysqli_query($db,"INSERT INTO images (image_author, image_description, image_pathname) VALUES ('$name', '$description', '$pic')");

//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

//Tells you if its all ok
echo "The file has been uploaded, and your information has been added to the directory <p> <a href='upload.php'> Go back</a>";
}
else {

//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
?>