很优雅的语言
怎么被写成这样
sql那块 尽量使用pdo
实在不习惯 使用sql的封装也可以的 比如 adodb 封装好的
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
<?php if(isset($_POST['search'])) { $query0 = mysqli_escape_string($_POST['search']); $search = "AND url LIKE %".$query0."%"; } else { die('lost keyword!!!'); } $sql0 = "SELECT COUNT(*) AS row from sqlmap where hash !='' ".$search." AND userhash = ".$hash." ORDER BY PR DESC"; $query = mysqli_query($conn,$sql0); while( $row=mysqli_fetch_array($query) ){ if($row['status']=='running') { $class='active'; } else{ $class='success'; } @preg_match_all('/ => \'(.*)\n\'/',$row['data'],$match); $num = count($match['1']) -1; $last=$match[$num]; $key=$row['key']; $stat=$row['status']; $url=$row['url']; $pr=$row['pr']; $dbtype=$row['dbtype']; $node=$row['apiserver']; if(stripos($last,"back-end") and stripos($last,"--dbms") == false) { $class='danger'; $stat='Inject'; $sql1 = "update sqlmap set status='".$stat."' where key = '".$key."' and userhash= '".$hash."'"; mysqli_query($conn,$sql1); } preg_match_all('/ => \'(.*)\n\'/',$row['data'],$match); $data=''; foreach($match['1'] as $m){ $m=stripcslashes($m); $data.=$m."\n"; } if(@$_GET['vul'] == '1' and $stat !='Inject'){ //echo $stat."<br>"; $echo=0; } else { $echo=1; } if($echo) { ?> <tr class="<?php echo $class; ?>"> <td> <?php echo $key; ?> <?php echo $test; ?> <?php echo $row; ?> <?php print_r($key); ?> </td> <td> <?php echo substr($url,0,60); ?> </td> <td> <?php echo $stat; ?> </td> <td> <?php echo $node; ?> </td> |
请问你有使用过adodb+mssql吗?我这边有几个问题问一下