数据库漏洞修复

筱锋xiao_lfeng 2023-05-02 14:40:45 +08:00
parent 6eb558f989
commit 909cd1e0dc


@ -10,19 +10,20 @@ class Sql
/** /**
* @return false|mysqli * @return false|mysqli
*/ */
public static function MySqlConn() { public static function MySqlConn()
{
// 从文件获取数据 // 从文件获取数据
$Array_ConfigData = null; $Array_ConfigData = null;
$FileData = fopen(dirname(__FILE__,3)."/setting.inc.json",'r'); $FileData = fopen(dirname(__FILE__, 2) . "/setting.inc.json", 'r');
while (!feof($FileData)) while (!feof($FileData))
$Array_ConfigData .= fgetc($FileData); $Array_ConfigData .= fgetc($FileData);
$Array_ConfigData = json_decode($Array_ConfigData,JSON_UNESCAPED_UNICODE); $Array_ConfigData = json_decode($Array_ConfigData, JSON_UNESCAPED_UNICODE);
fclose($FileData); fclose($FileData);
//判断数据库端口 //判断数据库端口
if($Array_ConfigData['Mysql']['Port'] == 3306 or $Array_ConfigData['Mysql']['Port'] == NULL) $Array_ConfigData['Mysql']['Port'] = 3306; if ($Array_ConfigData['Mysql']['Port'] == 3306 or $Array_ConfigData['Mysql']['Port'] == NULL) $Array_ConfigData['Mysql']['Port'] = 3306;
return mysqli_connect($Array_ConfigData['Mysql']['Host'],$Array_ConfigData['Mysql']['Username'],$Array_ConfigData['Mysql']['Password'],null,$Array_ConfigData['Mysql']['Port']); return mysqli_connect($Array_ConfigData['Mysql']['Host'], $Array_ConfigData['Mysql']['Username'], $Array_ConfigData['Mysql']['Password'], null, $Array_ConfigData['Mysql']['Port']);
} }
/** /**
@ -30,27 +31,21 @@ public static function MySqlConn() {
* @param string $Mysql_Query * @param string $Mysql_Query
* @return string[] 查找到结果返回结果 * @return string[] 查找到结果返回结果
*/ */
public static function SELECT(string $Mysql_Query): array { public static function SELECT(string $Mysql_Query): array
$Array_Push = null; {
$Array_OutPut = [ $CC_i = 0;
'output'=>null, $Array_OutPut = [];
'data'=>$Array_Push, if (preg_match('/^SELECT/', $Mysql_Query)) {
]; $Result = mysqli_query(self::MySqlConn(), $Mysql_Query);
if (preg_match('/^SELECT/',$Mysql_Query)) { for (; $Result_Object = mysqli_fetch_object($Result); $CC_i++) {
$Result = mysqli_query(self::MySqlConn(),$Mysql_Query); $Array_OutPut['output'] = 'Success';
for ($CC_i = 0; $Result_Object = mysqli_fetch_object($Result); $CC_i++) { $Array_OutPut['data'][$CC_i] = $Result_Object;
if ($CC_i == 0 && empty($Result_Object)) {
$Array_OutPut['output'] = 'EmptyResult';
return $Array_OutPut;
} else {
$Array_Push[$CC_i] = $Result_Object;
}
} }
return $Array_OutPut; if ($CC_i == 0)
} else { $Array_OutPut['output'] = 'EmptyResult';
} else
$Array_OutPut['output'] = 'TypeError'; $Array_OutPut['output'] = 'TypeError';
return $Array_OutPut; return $Array_OutPut;
}
} }
/** /**
@ -58,11 +53,11 @@ public static function SELECT(string $Mysql_Query): array {
* @param string $Mysql_Query * @param string $Mysql_Query
* @return bool * @return bool
*/ */
public static function INSERT(string $Mysql_Query): bool { public static function INSERT(string $Mysql_Query): bool
if (preg_match('/^INSERT/',$Mysql_Query)) { {
return mysqli_query(self::MySqlConn(),$Mysql_Query); if (preg_match('/^INSERT/', $Mysql_Query))
} else { return mysqli_query(self::MySqlConn(), $Mysql_Query);
else
return false; return false;
}
} }
} }
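Review bot: In `SELECT` (and likewise `INSERT`), the `preg_match('/^SELECT/', $Mysql_Query)` test only checks how the statement begins, so it is not an injection control: any value a caller has concatenated into `$Mysql_Query` still reaches `mysqli_query` unchanged. The commit title describes a database vulnerability fix, but the callers are not on this page, so I cannot tell how the strings are built. If any of them include request data, these helpers should take the statement and its values separately and go through `mysqli_prepare` with bound parameters. Separately, the new `SELECT` passes `$Result` to `mysqli_fetch_object` without checking it, so a failed query raises a TypeError on PHP 8 (a warning plus `EmptyResult` on PHP 7) instead of reporting an error; add `if ($Result === false) { $Array_OutPut['output'] = 'QueryError'; return $Array_OutPut; }` before the loop. `MySqlConn` has the same gap: `fopen` is not checked before the `feof` loop, so it is worth confirming that the new `dirname(__FILE__, 2)` location of `setting.inc.json` exists and is not served by the web server, since the file holds the database credentials.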