简单地从 mysql 转换为 mysqli
Simply converting from mysql to mysqli
我想知道是否有人可以指出正确的方向,将我的脚本更改为 mysqli?我完全使用 mysql 构建了下面的脚本并且它可以 完美地工作 但我后来被告知 mysql_ 已贬值,我现在需要使用 mysql我。 (在 mysql_ 消亡之前,我留下了一个充满错误的网站)。
脚本:
<?php
//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);
//This gets all the other information from the form
$name= (isset($_POST['image_author']));
$description= ($_POST['image_description']);
$pic=($_FILES['photo']['name']);
// Connects to your Database
mysql_connect("localhost", "root", "root") or die(mysql_error()) ;
mysql_select_db("image_gallery") or die(mysql_error()) ;
//Writes the information to the database
mysql_query("INSERT INTO images (image_author, image_description, image_pathname)
VALUES ('$name', '$description', '$pic'");
//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{
//Tells you if its all ok
echo "The file has been uploaded, and your information has been added to the directory <p> <a href='upload.php'> Go back</a>";
}
else {
//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
?>
你有两个选择。
1- 首先,修复您的代码以 正确地 使用 mysql_*
函数。您现在 完全开放 到 SQL 注射。然后升级。
2-(首选)废弃代码,因为它是错误的且易受攻击。从更好的东西开始,比如 PDO 和准备好的查询,再也不用担心注入了。
我完全同意 Niet the Dark Absol,关于首选方法,例如面向对象的 MySQLi(或 PDO)
但是,不久前我和你处于相似的境地——这里是快速而肮脏的解决方案:
1) 建立到数据库的 MySQLi 连接,替换(注释掉)您当前的连接。
示例:
$dbuser="XXX";
$db="YYY";
$dbpass="TTTTT";
$MysqliLink = mysqli_connect("localhost", $dbuser, $dbpass, $db);
if ( ! $MysqliLink )
{
die("Connection Error (" . mysqli_connect_errno() . ") ". mysqli_connect_error());
mysqli_close($MysqliLink);
}
mysqli_set_charset($MysqliLink, "utf8");
唯一对您来说可能是新的一点是为 $MysqliLink
使用对您的网站完全独特且不太可能被意外覆盖的变量。完成并设置后,您可以进入第 2 阶段:
2)
使用以下内容搜索并替换您的整个网站:
mysql_query("
--> 变成 --> mysqli_query($MysqliLink, "
mysql_error()
--> 变成 --> mysqli_error($MysqliLink)
mysql_
--> 变成 --> mysqli_
有几个函数发生了变化,例如:
mysql_num_rows()
--> 变成 --> mysqli_num_rows($MysqliLink)
3) 作为附加说明,最好养成使用
的习惯
$valueToInputIntoSql = mysqli_real_escape_string($MysqliLink,$value);
逃避撇号之类的,虽然它不是很完美,但它大大提高了输入的安全性。
4)
我想就是这样了,从我做这件事的记忆到我继承的大约 12 个不同的网站,在整个网站范围内搜索和替换是一个巨大的节省时间的方法,如果有人提醒我要进行其他替换,我会把它们添加到这里。
祝你好运。然后也阅读 OO DB 连接。
试试这个,我用它如下。这里改db_name=你原来的数据库是
db.php(创建单独的连接文件)
$db_hostname = "localhost"; //usually "localhost be default"
$db_username = "root"; //your user name
$db_pass = "root"; //the password for your user
$db_name = "yourdatabasename"; //the name of the database
// connect to database
$db = new mysqli ($db_hostname, $db_username, $db_pass, $db_name);
if ($db->connect_error) {
trigger_error('Database connection failed: ' . $db->connect_error, E_USER_ERROR);
}
现在这是你的文件
<?php
include('db.php');
//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);
//This gets all the other information from the form
$name= (isset($_POST['image_author']));
$description= ($_POST['image_description']);
$pic=($_FILES['photo']['name']);
// Connects to your Database
mysqli_select_db($db,"image_gallery") or die(mysqli_error($db));
//Writes the information to the database
$result = mysqli_query($db,"INSERT INTO images (image_author, image_description, image_pathname) VALUES ('$name', '$description', '$pic')");
//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{
//Tells you if its all ok
echo "The file has been uploaded, and your information has been added to the directory <p> <a href='upload.php'> Go back</a>";
}
else {
//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
?>
我想知道是否有人可以指出正确的方向,将我的脚本更改为 mysqli?我完全使用 mysql 构建了下面的脚本并且它可以 完美地工作 但我后来被告知 mysql_ 已贬值,我现在需要使用 mysql我。 (在 mysql_ 消亡之前,我留下了一个充满错误的网站)。
脚本:
<?php
//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);
//This gets all the other information from the form
$name= (isset($_POST['image_author']));
$description= ($_POST['image_description']);
$pic=($_FILES['photo']['name']);
// Connects to your Database
mysql_connect("localhost", "root", "root") or die(mysql_error()) ;
mysql_select_db("image_gallery") or die(mysql_error()) ;
//Writes the information to the database
mysql_query("INSERT INTO images (image_author, image_description, image_pathname)
VALUES ('$name', '$description', '$pic'");
//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{
//Tells you if its all ok
echo "The file has been uploaded, and your information has been added to the directory <p> <a href='upload.php'> Go back</a>";
}
else {
//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
?>
你有两个选择。
1- 首先,修复您的代码以 正确地 使用 mysql_*
函数。您现在 完全开放 到 SQL 注射。然后升级。
2-(首选)废弃代码,因为它是错误的且易受攻击。从更好的东西开始,比如 PDO 和准备好的查询,再也不用担心注入了。
我完全同意 Niet the Dark Absol,关于首选方法,例如面向对象的 MySQLi(或 PDO)
但是,不久前我和你处于相似的境地——这里是快速而肮脏的解决方案:
1) 建立到数据库的 MySQLi 连接,替换(注释掉)您当前的连接。
示例:
$dbuser="XXX";
$db="YYY";
$dbpass="TTTTT";
$MysqliLink = mysqli_connect("localhost", $dbuser, $dbpass, $db);
if ( ! $MysqliLink )
{
die("Connection Error (" . mysqli_connect_errno() . ") ". mysqli_connect_error());
mysqli_close($MysqliLink);
}
mysqli_set_charset($MysqliLink, "utf8");
唯一对您来说可能是新的一点是为 $MysqliLink
使用对您的网站完全独特且不太可能被意外覆盖的变量。完成并设置后,您可以进入第 2 阶段:
2) 使用以下内容搜索并替换您的整个网站:
mysql_query("
--> 变成 --> mysqli_query($MysqliLink, "
mysql_error()
--> 变成 --> mysqli_error($MysqliLink)
mysql_
--> 变成 --> mysqli_
有几个函数发生了变化,例如:
mysql_num_rows()
--> 变成 --> mysqli_num_rows($MysqliLink)
3) 作为附加说明,最好养成使用
的习惯$valueToInputIntoSql = mysqli_real_escape_string($MysqliLink,$value);
逃避撇号之类的,虽然它不是很完美,但它大大提高了输入的安全性。
4) 我想就是这样了,从我做这件事的记忆到我继承的大约 12 个不同的网站,在整个网站范围内搜索和替换是一个巨大的节省时间的方法,如果有人提醒我要进行其他替换,我会把它们添加到这里。
祝你好运。然后也阅读 OO DB 连接。
试试这个,我用它如下。这里改db_name=你原来的数据库是
db.php(创建单独的连接文件)
$db_hostname = "localhost"; //usually "localhost be default"
$db_username = "root"; //your user name
$db_pass = "root"; //the password for your user
$db_name = "yourdatabasename"; //the name of the database
// connect to database
$db = new mysqli ($db_hostname, $db_username, $db_pass, $db_name);
if ($db->connect_error) {
trigger_error('Database connection failed: ' . $db->connect_error, E_USER_ERROR);
}
现在这是你的文件
<?php
include('db.php');
//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);
//This gets all the other information from the form
$name= (isset($_POST['image_author']));
$description= ($_POST['image_description']);
$pic=($_FILES['photo']['name']);
// Connects to your Database
mysqli_select_db($db,"image_gallery") or die(mysqli_error($db));
//Writes the information to the database
$result = mysqli_query($db,"INSERT INTO images (image_author, image_description, image_pathname) VALUES ('$name', '$description', '$pic')");
//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{
//Tells you if its all ok
echo "The file has been uploaded, and your information has been added to the directory <p> <a href='upload.php'> Go back</a>";
}
else {
//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
?>