php警告:mysqli\u real\u escape\u string()期望参数1为mysqli,在

s4n0splo  于 2021-06-20  发布在  Mysql
关注(0)|答案(1)|浏览(329)

当我尝试登录到我的站点时,我一直遇到这个错误,我不知道如何修复它。少了什么?有人帮我编辑这个东西!
php警告:mysqli\u real\u escape\u string()只需要2个参数,1个在client\u config.php的第147行中给出
我已经尝试了几乎所有其他的解决方案张贴在这个论坛上,但似乎没有一个适合我。实际上,几乎所有其他错误都来自同一个文件,因此任何能够发现代码中任何错误的人都可以提供帮助。任何指导都将不胜感激。我目前已注销我的网站,直到这是固定的。
另外,我没有编程知识。

<?php
error_reporting( error_reporting() & ~E_NOTICE );
$GLOBALdatabase_cf = array();
$GLOBALdatabase_cf['host']          = 'localhost';
$GLOBALdatabase_cf['username']      = 'myusername';
$GLOBALdatabase_cf['password']      = 'password';
$GLOBALdatabase_cf['database']      = 'database';
$GLOBALdatabase_cf['prefix']        = 'mu_';

$GLOBALdatabase_cf['cookieName']    = 'cookiename';
$GLOBALdatabase_cf['cookieKey']     = 'cookiekey';

$connect = @mysql_connect($GLOBALdatabase_cf['host'] , $GLOBALdatabase_cf['username'] , $GLOBALdatabase_cf['password']);
if (!$connect)
{
    die ("Couldn't make connection.");
}
@mysql_select_db($GLOBALdatabase_cf['database'], $connect) or die ("Couldn't select database");
list($admin_domain_name) = mysql_fetch_row(mysql_query("select domain_name from system where site_type = 'backend'")); 

$domain_name = stripit($_SERVER['HTTP_HOST']);

$url = $_SERVER['REQUEST_URI'];
$urlParse = parse_url($url);
$path = explode('/',$urlParse ['path']);
$site_URL= get_base_url($host_this);  
$siteUrl = stripit($site_URL);

if (!defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . 'wp-config.php');    
require_once(ABSPATH . 'wp-settings.php');  

if (!defined('ROOT_DIR_C') )
define('ROOT_DIR_C', dirname(__FILE__) . '/');

if (!defined('BASE_URL_C') )
define('BASE_URL_C', substr($_SERVER['PHP_SELF'], 0, - (strlen($_SERVER['SCRIPT_FILENAME']) - strlen(ROOT_DIR_C))));
define('DOWNLOAD_URL', BASE_URL_C . 'orders/download?f=');

$upload_download_dir = '/home/essaycoachonline/crownresearchcenter.com/uploads/';

list($curr_symbol) = mysql_fetch_row(mysql_query("select sys_curr from settings")); // currency symbol
list($admin_site_email) = mysql_fetch_row(mysql_query("select site_email from system where site_type = 'backend'")); 
list($admin_site_name) = mysql_fetch_row(mysql_query("select site_name from system where site_type = 'backend'")); 
list($admin_site_base_price) = mysql_fetch_row(mysql_query("select base_price from system where site_type = 'backend'")); 

$sql_site_settings = "select * from system where url = '$siteUrl'";
$result_site_settings = mysql_query($sql_site_settings) or die(mysql_error());
$row_site_settings = mysql_fetch_array($result_site_settings);

list($site_support) = mysql_fetch_row(mysql_query("select email from mu_members where role = 'sub_admin'")); 
$site_email= $row_site_settings['site_email'];
$admin_email =$row_site_settings['admin_email'];
$basePrice =$row_site_settings['base_price'];
$price_override = $row_site_settings['price_override'];

define ("SITE_HOST_NAME", $domain_name);
define ("SITE_NAME", $row_site_settings['site_name']);

$academicEmail= $admin_site_email;
define ("ACADEMIC_SITE_NAME",$admin_site_name);

$user_registration = 1;  // set 0 or 1
$writer_registration = 0;

define("COOKIE_TIME_OUT", 1); //specify cookie timeout in days (default is 10 days)
define('SALT_LENGTH', 9); // salt for password

/* Specify user levels */
define ("ADMIN_LEVEL", 5);
define ("WRITER_LEVEL", 3);
define ("CLIENT_LEVEL", 2);
define ("USER_LEVEL", 1);
define ("GUEST_LEVEL", 0);

function page_protect() {
if(!isset($_SESSION)) 
{ 
    session_start(); 
    date_default_timezone_set('Africa/Nairobi');// Africa/Nairobi
}
global $GLOBALdatabase_cf; 
/* Secure against Session Hijacking by checking user agent */
if (isset($_SESSION['HTTP_USER_AGENT']))
{
    if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
    {
        logout();
        exit;
    }
}
// before we allow sessions, we need to check authentication key - ckey and ctime stored in database
/* If session not set, check for cookies set by Remember me */
if (!isset($_SESSION['id']) && !isset($_SESSION['username']) ) 
{
    if(isset($_COOKIE['id']) && isset($_COOKIE['user_key'])){
    /* we double check cookie expiry time against stored in database */

    $cookie_user_id  = filter($_COOKIE['id']);
    $rs_ctime = mysql_query("select `ckey`,`ctime` from `mu_members` where `id` ='$cookie_user_id'") or die(mysql_error());
    list($ckey,$ctime) = mysql_fetch_row($rs_ctime);
    // coookie expiry
    if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) {

        logout();
        }
/* Security check with untrusted cookies - dont trust value stored in cookie.       
/* We also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/

     if( !empty($ckey) && is_numeric($_COOKIE['id']) && isUserID($_COOKIE['username']) && $_COOKIE['user_key'] == sha1($ckey)  ) {
          session_regenerate_id(); //against session fixation attacks.

         date_default_timezone_set('Africa/Nairobi');// Africa/Nairobi

          $_SESSION['id'] = $_COOKIE['id'] ;
          $_SESSION['username'] = $_COOKIE['username'];

        /* query user level from database instead of storing in cookies */  
          list($user_level) = mysql_fetch_row(mysql_query("select user_level from mu_members where id='$_SESSION[id]'"));
          $_SESSION['user_level'] = $user_level;    

    $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
       } else {
       logout();
       }
  } else {
    header("Location: ../login/");
    exit();
    }
}
}

function filter($data) {
if(is_scalar($data))
{
   $data = trim(htmlentities(strip_tags($data)));
}
    if (get_magic_quotes_gpc())
        $data = stripslashes($data);

if(is_scalar($data))
{   
    $data = mysql_real_escape_string($data);**--->Line 147**
}   
    return $data;
}

function EncodeURL($url)
{
$new = strtolower(ereg_replace(' ','_',$url));
return($new);
}

function DecodeURL($url)
{
$new = ucwords(ereg_replace('_',' ',$url));
return($new);
}

function ChopStr($str, $len) 
{
    if (strlen($str) < $len)
        return $str;

    $str = substr($str,0,$len);
    if ($spc_pos = strrpos($str," "))
            $str = substr($str,0,$spc_pos);

    return $str . "...";
}   

function isNum($price){
return preg_match("/[^0-9]/", "",$price)? TRUE : FALSE;
}

function isEmail($email){
  return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE;
}

function isUserID($username)
{
    if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) {
        return true;
    } else {
        return false;
    }
 }  

function isURL($url) 
{
    if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) {
        return true;
    } else {
        return false;
    }
} 

function checkPwd($x,$y) 
{
if(empty($x) || empty($y) ) { return false; }
if (strlen($x) < 4 || strlen($y) < 4) { return false; }

if (strcmp($x,$y) != 0) {
 return false;
 } 
return true;
}

function GenPwd($length = 7)
{
  $password = "";
  $possible = "0123456789bcdfghjkmnpqrstvwxyz"; //no vowels

  $i = 0; 

  while ($i < $length) { 

    $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);

    if (!strstr($password, $char)) { 
      $password .= $char;
      $i++;
    }

  }

  return $password;

}

function GenKey($length = 7)
{
  $password = "";
  $possible = "0123456789abcdefghijkmnopqrstuvwxyz"; 

  $i = 0; 

  while ($i < $length) { 

    $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);

    if (!strstr($password, $char)) { 
      $password .= $char;
      $i++;
    }

  }

  return $password;

}
function rand_my_string( $length ) {
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";  
    $size = strlen( $chars );
    for( $i = 0; $i < $length; $i++ ) {
        $str .= $chars[ rand( 0, $size - 1 ) ];
    }
    return $str;
}

function logout()
{
global $GLOBALdatabase_cf;
session_start();
if(isset($_SESSION['id']) || isset($_COOKIE['id'])) {
mysql_query("update `mu_members` 
            set `ckey`= '', `ctime`= '' 
            where `id`='$_SESSION[id]' OR  `id` = '$_COOKIE[id]'") or die(mysql_error());
}           
/************Delete the sessions****************/
unset($_SESSION['id']);
unset($_SESSION['username']);
unset($_SESSION['email']);
unset($_SESSION['user_level']);
unset($_SESSION['writer']);
unset($_SESSION['HTTP_USER_AGENT']);
session_unset();
session_destroy(); 

/* Delete the cookies*******************/
setcookie("id", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
setcookie("username", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/");

$lg= 'You are now logged out';
header("Location: login/?sign=$lg");
}
// Password and salt generation
function PwdHash($pwd, $salt = null)
{
    if ($salt === null)     {
        $salt = substr(md5(uniqid(rand(), true)), 0, 9);
    }
    else     {
        $salt = substr($salt, 0, 9);
    }
    return $salt . sha1($pwd . $salt);
}
function checkAdmin() { //admin

if($_SESSION['user_level'] == ADMIN_LEVEL) {
return 1;
} else { return 0 ;
}
}

function checkWriter() { //writer

if($_SESSION['user_level'] == WRITER_LEVEL) {
return 1;
} else { return 0 ;
}
}

function checkClient() { //client
if($_SESSION['user_level'] == CLIENT_LEVEL) {
return 1;
} else { return 0 ;
}
}

function ShortenText($text) {
        $chars = 30;
        $text = $text." ";
        $text = substr($text,0,$chars);
        $text = substr($text,0,strrpos($text,' ')).'.....';

        return $text;

    }
//
function dateDiff($time1, $time2, $precision = 6) {

    // If not numeric then convert texts to unix timestamps
    if (!is_int($time1)) {
      $time1 = strtotime($time1);
    }
    if (!is_int($time2)) {
      $time2 = strtotime($time2);
    }

    // If time1 is bigger than time2
    // Then swap time1 and time2
   if ($time1 > $time2) {
     $ttime = $time1;
    $time1 = $time2;
     $time2 = $ttime;
    }

    // Set up intervals and diffs arrays
    $intervals = array('year','month','day','hour','minute','second');
    $diffs = array();

    // Loop thru all intervals
    foreach ($intervals as $interval) {
      // Set default diff to 0
      $diffs[$interval] = 0;
      // Create temp time from time1 and interval
      $ttime = strtotime("+1 " . $interval, $time1);
      // Loop until temp time is smaller than time2
      while ($time2 >= $ttime) {
    $time1 = $ttime;
    $diffs[$interval]++;
    // Create new temp time from time1 and interval
    $ttime = strtotime("+1 " . $interval, $time1);
      }
    }

    $count = 0;
    $times = array();
    // Loop thru all diffs
    foreach ($diffs as $interval => $value) {
      // Break if we have needed precission
      if ($count >= $precision) {
    break;
      }
      // Add value and interval 
      // if value is bigger than 0
      if ($value > 0) {
    // Add s if value is not 1
    if ($value != 1) {
      $interval .= "s";
    }
    // Add value and interval to times array
    $times[] = $value . " " . $interval;
    $count++;
      }
    }
    // Return string with times
    return implode(", ", $times);
  }
//
function get_base_url()
    {
        /* protocol the website is using */
        $protocol = strtolower(substr($_SERVER["SERVER_PROTOCOL"], 0, 5)) == 'https' ? 'https://' : 'http://';
        /* returns /myproject/index.php */
        $path = $_SERVER['PHP_SELF'];

        $path_parts = pathinfo($path);
        $directory = $path_parts['dirname'];

        $directory = ($directory == "/") ? "" : $directory;

        /* Returns localhost OR mysite.com */
        $host_this = $_SERVER['HTTP_HOST'];
        return $protocol . $host_this ;
    }

function stripit ( $url ) {
    $url = trim($url);
    $url = preg_replace("/^(http:\/\/)*(www.)*/is", "", $url);
    $url = preg_replace("/\/.*$/is" , "" ,$url);
    return $url;
    }   
?>
qyyhg6bp

qyyhg6bp1#

您在评论中提到您使用的是PHP7.2,因此使用任何 mysql_ 函数,因为此扩展自5.5以来已被弃用。
您应该尝试使用mysqli或pdo。
你在截图上显示你试过用 mysqli_real_escape_string 直线函数 147 它有两个参数:1-mysqli连接,2-要转义的字符串( $data )
你是这样做的: $data = mysqli_real_escape_string($_GLOBALS['$con'], $data); 你有两个问题 $_GLOBALS['$con'] 应该是的 $GLOBALS['con'] :不带下划线的globals变量 _ 不带“$”的键。
所以你应该换条线 147 使用: $data = mysqli_real_escape_string($GLOBALS['con'], $data); 我也不知道globals变量是否是获取变量的最安全的方法!

相关问题