很优雅的语言
怎么被写成这样
SQL 那块尽量使用 PDO。
实在不习惯的话，使用现成的 SQL 封装库也可以，比如 ADOdb。
<?php
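// Search handler: require a keyword, then run the lookup with bound parameters.
// The previous version concatenated $_POST['search'] and $hash into the SQL
// text: the LIKE pattern was never quoted, and mysqli_escape_string() was
// called without the connection argument, so the escaping protected nothing.
if (isset($_POST['search']) && is_string($_POST['search'])) {
    // Raw keyword; it only ever reaches the server as a bound value.
    $query0 = $_POST['search'];
    // The fragment stays in $search as before, now carrying a placeholder.
    $search = "AND url LIKE ?";
} else {
    // No keyword, or a non-string value such as search[]=x.
    die('lost keyword!!!');
}

// NOTE(review): only COUNT(*) AS row is selected, while the fetch loop that
// follows reads $row['status'], $row['data'], $row['url'] and more. Confirm
// which columns this query is meant to return.
$sql0 = "SELECT COUNT(*) AS row from sqlmap where hash !='' ".$search." AND userhash = ? ORDER BY PR DESC";

$stmt0 = mysqli_prepare($conn, $sql0);
if ($stmt0 === false) {
    // Keep the driver error in the server log, not in the response body.
    error_log('search query prepare failed: '.mysqli_error($conn));
    die('query failed');
}

// % and _ typed by the user still act as LIKE wildcards; only the quoting
// and concatenation problem is removed by binding.
$like0 = '%'.$query0.'%';
// $hash is defined outside this snippet; it is bound as a string because the
// UPDATE further down compares userhash against a quoted value.
$userhash0 = (string) $hash;
mysqli_stmt_bind_param($stmt0, 'ss', $like0, $userhash0);

if (!mysqli_stmt_execute($stmt0)) {
    error_log('search query execute failed: '.mysqli_stmt_error($stmt0));
    die('query failed');
}

// mysqli_stmt_get_result() needs the mysqlnd driver; it returns the same
// mysqli_result type that mysqli_query() produced, so the fetch loop that
// consumes $query keeps working unchanged.
$query = mysqli_stmt_get_result($stmt0);
if ($query === false) {
    error_log('search query returned no result set: '.mysqli_stmt_error($stmt0));
    die('query failed');
}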
// Walk every row of the result set and print one table row per record.
// NOTE(review): the listing stops before this loop and the if($echo) block
// are closed, so the closing braces are not visible here.
while( $row=mysqli_fetch_array($query) ){
// Row colour: 'active' while the stored status is 'running', 'success' otherwise.
if($row['status']=='running') {
$class='active';
} else{
$class='success';
}
// Collect every fragment of the stored `data` text that sits between " => '"
// and a newline followed by "'". The leading @ hides any warning, for example
// when the `data` column is missing from the row.
@preg_match_all('/ => \'(.*)\n\'/',$row['data'],$match);
// $num is the index of the last captured fragment (-1 when nothing matched).
$num = count($match['1']) -1;
// NOTE(review): this indexes the outer $match array, which only holds the
// full matches [0] and the capture group [1], so $last is an array or
// undefined rather than the last fragment. Probably meant $match[1][$num];
// confirm before relying on the 'Inject' detection below.
$last=$match[$num];
// Copy the columns used for display and for the UPDATE below.
$key=$row['key'];
$stat=$row['status'];
$url=$row['url'];
$pr=$row['pr'];
$dbtype=$row['dbtype'];
$node=$row['apiserver'];
// Flag the row as a finding when the last fragment mentions "back-end" but not
// "--dbms". stripos() returns 0 for a hit at the very start of the string, and
// 0 is falsy and == false, so a match at position 0 is misread on both sides;
// a strict !== false / === false comparison avoids that.
if(stripos($last,"back-end") and stripos($last,"--dbms") == false) {
$class='danger';
$stat='Inject';
// NOTE(review): the statement is assembled by concatenation. $key comes from
// stored row content and $hash is defined outside this snippet; neither is
// escaped or bound here, so this should be a prepared statement with two
// placeholders. `key` is also a reserved word in MySQL and presumably needs
// backticks; confirm against the schema.
$sql1 = "update sqlmap set status='".$stat."' where key = '".$key."' and userhash= '".$hash."'";
// The return value is not checked, so a failed update goes unnoticed.
mysqli_query($conn,$sql1);
}
// Same pattern as above, run a second time to rebuild $match for display.
preg_match_all('/ => \'(.*)\n\'/',$row['data'],$match);
// Join the captured fragments into one newline-separated text block.
$data='';
foreach($match['1'] as $m){
// Decode C-style backslash escapes left in the stored text.
$m=stripcslashes($m);
$data.=$m."\n";
}
// With vul=1 in the query string only rows marked 'Inject' are shown; the @
// hides the notice raised when the parameter is absent.
if(@$_GET['vul'] == '1' and $stat !='Inject'){
//echo $stat."<br>";
$echo=0;
} else {
$echo=1;
}
if($echo) {
// The template below prints $key, $url, $stat and $node straight from the
// database row without htmlspecialchars(), so any markup stored in those
// columns is rendered by the browser. Escape each value for HTML at output.
// substr() is byte-wise and can cut a multi-byte character in $url.
// NOTE(review): $test is not assigned anywhere in the visible code, and
// echoing $row prints an array; both look like leftover debugging output.
?>
<tr class="<?php echo $class; ?>">
<td>
<?php echo $key; ?>
<?php echo $test; ?>
<?php echo $row; ?>
<?php print_r($key); ?>
</td>
<td>
<?php echo substr($url,0,60); ?>
</td>
<td>
<?php echo $stat; ?>
</td>
<td>
<?php echo $node; ?>
</td>
请问你有使用过adodb+mssql吗?我这边有几个问题问一下