如何将我的PHP 4.0登录脚本升级到PHP 5.6？下面

Question

我的脚本工作完美的PHP 4.0，但我的ISP升级到PHP 5.6，现在似乎有一些错误（它不连接到MySQL等），任何帮助表示赞赏

非常感谢

<?php 
$userdb="var1"; 
$pass="var2"; 
$database="var3"; 

mysql_connect("sql.servername.com",$userdb,$pass); 
@mysql_select_db($database) or die (header('location: status4.htm')); 
$match = "select id from USER_ACCOUNTS where username = '$username' and password = '$password'"; 
$qry = mysql_query($match) 
or die (header('location: status.htm?status=9')); 
$num_rows = mysql_num_rows($qry); 

// Valid Username and Password 
if ($num_rows > 0) { 
$qry = "SELECT * FROM USER_ACCOUNTS WHERE username like '%" . $username . "%'"; 
$res = mysql_query($qry); 
$output=''; 
while($row = mysql_fetch_assoc($res)){ 
// loop through all returned results 
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4']; 
echo "&status=1"; 
echo $output; 
} 
} 
?> 

这里是MySQL 4.0表

id viewUsername viewPassword username password name title email admin file file2 file3 file4 


1         user1  pass123  USER1 Manager email1 1  file1 file2 file3 file4 

Answer 1

在这里你去例如使用PDO预处理语句

<?php 

error_reporting(1); 
ini_set('display_errors', '1'); 

// mysql connection 
$db_host = 'localhost'; 
$db_user = 'root'; 
$db_pass = ''; 
$db_name = 'mydatabase'; 

$dbh = new PDO('mysql:host='.$db_host.';dbname='.$db_name.';charset=utf8', $db_user, $db_pass); 

// submit form 
if (isset($_POST['submit'])) 
{ 

    $username = $_POST['username']; 
    $password = $_POST['password']; 

    $stmt = $dbh->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = :username AND password = :password"); 
    $stmt->bindParam(':username', $username); 
    $stmt->bindParam(':password', $password); 
    $stmt->execute(); 
    $number_of_rows = $stmt->fetchColumn(); 

    // Valid Username and Password 
    if ($number_of_rows > 0) 
    { 
     $row = $stmt->fetchAll(); 

     $output = ''; 

     while($row) 
     { 
      // loop through all returned results 
      $output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4']; 
      echo "&status=1"; 
      echo $output; 
     } 
    } 

} 

?> 

和HTML表单

<form action="" method="post"> 
    <input type="text" name="username" placeholder="Username"><br /> 
    <input type="password" name="password" placeholder="Password"><br /> 
    <input type="submit" name="submit" value="Login"> 
</form> 

更新

<?php 

error_reporting(1); 
ini_set('display_errors', '1'); 

// mysql connection 
$db_host = 'localhost'; 
$db_user = 'root'; 
$db_pass = ''; 
$db_name = 'mydatabase'; 

$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name); 

/* check connection */ 
if (mysqli_connect_errno()) 
{ 
    echo "Connect failed: " . mysqli_connect_error(); 
    exit(); 
} 

// submit form 
if (isset($_POST['submit'])) 
{ 

    $username = $_POST['username']; 
    $password = $_POST['password']; 

    /* create a prepared statement */ 
    if ($stmt = $mysqli->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = ? AND password = ?")) 
    { 
     /* bind parameters for markers */ 
     $stmt->bind_param("s", $username); 
     $stmt->bind_param("s", $password); 

     /* execute query */ 
     $stmt->execute(); 

     $number_of_rows = $stmt->rowCount(); 

     // Valid Username and Password 
     if ($number_of_rows > 0) 
     { 
      $row = $stmt->fetchAll(); 

      $output = ''; 

      while($row) 
      { 
       // loop through all returned results 
       $output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4']; 
       echo "&status=1"; 
       echo $output; 
      } 
     } 

     /* close statement */ 
     $stmt->close(); 
    } 
} 
$mysqli->close(); 
?> 

并尝试这个

<?php 

error_reporting(1); 
ini_set('display_errors', '1'); 


$conn = mysqli_connect('host', 'username', 'password', 'table name'); 

/* check connection */ 
if (mysqli_connect_errno()) 
{ 
    echo "Connect failed: " . mysqli_connect_error(); 
    exit(); 
} 

// submit form 
if (isset($_POST['submit'])) 
{ 

    $username = $_POST['username']; 
    $password = $_POST['password']; 

    $query = mysqli_query($conn, "SELECT * FROM USER_ACCOUNTS WHERE username = '$username' AND password = '$password'"); 

    if ($query) 
    { 
     // Valid Username and Password 
     if (mysqli_row_count($query) > 0) 
     { 
      $row = mysqli_fetch_array($query); 

      $output = ''; 

      while($row) 
      { 
       // loop through all returned results 
       $output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4']; 
       echo "&status=1"; 
       echo $output; 
      } 
     } 
    } 
} 

?> 

Answer 2

我猜想，你的旧版本，您必须启用register_globals，从而在$username和$password你getti直接从表单发布的内容，这已不再发生。

快速的解决办法是在PHP代码的开头添加：

$username = $_REQUEST['username']; $password = $_REQUEST['password'];

话虽这么说，在你的每行代码尖叫不良做法和可能存在的漏洞。如果您在高效的网站上使用该功能，我强烈建议您获得一些完整改造方面的帮助。