时间戳

首页 > 解决方案 > 无法使用 REGEX 获取 PHP 脚本名称

php - 无法使用 REGEX 获取 PHP 脚本名称

问题描述

我面临着很大的挑战。我的函数where()可以跟踪用户在网站上的访问位置,并获取脚本文件名并提供描述并插入数据库。

直到最近,该脚本运行良好,并且在最近从MySQL 5.6.405.6.47

我不确定这是否与它有关,但几天后我发现它不再起作用了。

我们的功能:

function where($scriptname = "index", $userid, $update=1){
    if (!is_valid_id($userid))
        die;

    if (preg_match("/details.php/i", $scriptname))
        $where = "Browsing File Details (ID $_GET[id])";
    elseif (preg_match("/files.php/i", $scriptname))
        $where = "Browsing Files";
    elseif (preg_match("/account-info.php/i", $scriptname))
        $where = "Browsing Account Info (ID $_GET[id])";
    elseif (preg_match("/upload.php/i", $scriptname))
        $where = "Uploading File";
    elseif (preg_match("/account.php/i", $scriptname))
        $where = "Browsing User Control Panel";
    elseif (preg_match("/search.php/i", $scriptname))
        $where = "Searching For Files";
    elseif (preg_match("/forums.php/i", $scriptname))
        $where = "Viewing Forums";
    elseif (preg_match("/index.php/i", $scriptname))
        $where = "Browsing Homepage";
    elseif (preg_match("/mailbox.php/i", $scriptname))
        $where = "Viewing Messages";
    elseif (preg_match("/comments.php/i", $scriptname))
        $where = "Viewing Comments";
    elseif (preg_match("/recover.php/i", $scriptname))
        $where = "Recovering Account";
    elseif (preg_match("/bookmarks.php/i", $scriptname))
        $where = "Viewing Bookmarks";
    elseif (preg_match("/getfile.php/i", $scriptname))
        $where = "Downloaded File (ID $_GET[id])";
    elseif (preg_match("/faq.php/i", $scriptname))
        $where = "Reading FAQ Page";
    elseif (preg_match("/friends.php/i", $scriptname))
        $where = "Viewing Friends";
    elseif (preg_match("/admin.php/i", $scriptname))
        $where = "Managing Admin Panel";
    else
        $where = "Unknown Location";

    if ($update) {
        // Worked until a few days ago. No site changes were made prior for quite some time. 
        //$query = sprintf("UPDATE users SET page=".sqlesc($where)." WHERE id ='%s'", mysql_real_escape_string($userid)); 
        // Now using line below, which does insert into row if I use my own variable. 
        $query = "UPDATE users SET last_access='" . get_date_time() . "', page=" . sqlesc($where) . " WHERE id=" . $userid;
        $result = SQL_Query_exec($query);
    }
        return $where;
}

现在,我尝试使用以下代码将其缩小到导致它的原因。目前,上面的函数只插入

未知位置

到数据库,无论查看哪个页面。

我把它归结为:

$stringtest = "This inserts into database!";
$query = "UPDATE users SET last_access='" . get_date_time() . "', page=" . sqlesc($stringtest) . " WHERE id=" . $userid;

这很好用,但它没有通过任何$where条件。

我尝试了各种正则表达式来匹配文件名,但无济于事。

知道我做错了什么吗?

提前致谢!

标签: phpmysqlregexpreg-match

解决方案

如上所述,对于 SQL 部分,请使用准备好的语句。

假设$scriptname保存文件名,没有扩展名,而不是绝对路径,并且基于提供的代码,我认为那里没有很大的需要preg_match()。只要简单switch ... case就行。

更好的是,如果您想要一个带有描述的可管理位置列表(无论如何您每次都重复使用它们),您可以拥有如下关联数组(可以由单独的函数返回)并执行以下操作:

$locations = array(
  'index' => 'Browsing Homepage', 
  'forums' => 'Browsing Homepage,
  //  and so on for all of your files
);

// And to get the description - assuming case matters, otherwise use strtolower()
$desc = isset($locations[$scriptname]) ? $locations[$scriptname] : 'Unknown Location';

推荐阅读