0
,我发现了以下错误非对象:调用一个成员函数escape_string()
Fatal error: Call to a member function escape_string() on a non-object
在代码:
$pass = $_GET['pass'];
$user = $_GET['user'];
//$id = $_GET['uid'];
echo "u: ".$user." pass: ".$pass;
echo "</br>TEST";
//$check = validate_password_from_uid($id, $pass);
$check = validate_password_from_username($user, $pass);
echo "validation: </br>";
if (is_array($check)){
echo "<pre>";
print_r($check);
echo "</pre>";
}else{
var_dump($check);
}
这里是validate_password_from_username
:
function validate_password_from_username($username, $password)
{
global $db, $mybb;
$username = $db->escape_string(strtolower($username));
switch($mybb->settings['username_method'])
{
case 0:
$query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(username)='".$username."'", array('limit' => 1));
break;
case 1:
$query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(email)='".$username."'", array('limit' => 1));
break;
case 2:
$query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(username)='".$username."' OR LOWER(email)='".$username."'", array('limit' => 1));
break;
default:
$query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(username)='".$username."'", array('limit' => 1));
break;
}
$user = $db->fetch_array($query);
if(!$user['uid'])
{
return false;
}
else
{
return validate_password_from_uid($user['uid'], $password, $user);
}
}
错误与$db->escape_string
部件所在的行67有关。我应该改变什么?
你在期待'global $ db'是一个对象,但显然它不是,在你打电话的时候。 (这是PHP中'global'的问题,你永远不知道你得到了什么。) – lxg 2014-09-10 20:53:11
@AdamSinclair $ db-> escape_string – Joscplan 2014-09-10 20:54:51
使用预处理语句而不是连接SQL。 – siride 2014-09-10 20:59:28