dpowt82802 2016-10-10 14:03
浏览 34
已采纳

可捕获的致命错误:类mysqli的对象无法在第8行转换为字符串[关闭]

I tried checking many time , still gives me this error. Actually i am trying to create a php file with the contents of $output in it .

<?php 
include 'dbconfig.php';
$rand = $_GET['rand'];
$filename = $rand.".php";
$output = "<?php"; 
$output .="include '../dbconfig.php';";
$output .="$myself = basename(__FILE__, '.php'); ";
$output .="$query = mysqli_query($dbconfig,\"Select command from records where token = '$myself'\");";
$output .="if(mysqli_num_rows($query) > 0)";
$output .="{";
$output .="while($row=$query->fetch_assoc())";
$output .="{";
$output .="$command = $row[command];";
$output .="}";
$output .="echo 'exec $command endexec';";
$output .="}";
$output .="?>";
$file = fopen("puppet\$filename","w");
fwrite($file,$putput);
$check = "Select * from records where usertoken = $rand";
$check1 = mysqli_query($dbconfig,$check);
if(mysqli_num_rows($check1)== 0){
$ins = "Insert into records (usertoken)Values('$rand')";
if(mysqli_query($dbconfig,$ins)){
$success=true;
}
}else{
$success=false;
}
?>
  • 写回答

1条回答 默认 最新

  • doudi1449 2016-10-10 14:11
    关注

    I'm gonna go ahead a 'guess' that this is actually php trying to do the thing it does when it parses strings with double quotes. It will evaluate variables and stuff in the string when it runs.

    Try single quoting the strings...

    <?php 
        include 'dbconfig.php';
        $rand = $_GET['rand'];
        $filename = $rand.'.php';
        $output = '<?php'; 
        $output .='include \'../dbconfig.php\';';
        $output .='$myself = basename(__FILE__, \'.php\'); ';
        $output .='$query = mysqli_query($dbconfig, "Select command from records where token = \'$myself\'");';
        $output .='if(mysqli_num_rows($query) > 0)';
        $output .='{';
        $output .='while($row=$query->fetch_assoc())';
        $output .='{';
        $output .='$command = $row[command];';
        $output .='}';
        $output .='echo \'exec $command endexec\';';
        $output .='}';
        $output .='?>';
        $file = fopen("puppet\$filename","w");
        fwrite($file,$output);
        $check = "Select * from records where usertoken = $rand";
        $check1 = mysqli_query($dbconfig,$check);
        if(mysqli_num_rows($check1)== 0){
            $ins = "Insert into records (usertoken)Values('$rand')";
            if(mysqli_query($dbconfig,$ins)){
                $success=true;
            }
        }else{
            $success=false;
        }
    ?>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 ELGamal和paillier计算效率谁快?
  • ¥15 file converter 转换格式失败 报错 Error marking filters as finished,如何解决?
  • ¥15 ubuntu系统下挂载磁盘上执行./提示权限不够
  • ¥15 Arcgis相交分析无法绘制一个或多个图形
  • ¥15 关于#r语言#的问题:差异分析前数据准备,报错Error in data[, sampleName1] : subscript out of bounds请问怎么解决呀以下是全部代码:
  • ¥15 seatunnel-web使用SQL组件时候后台报错,无法找到表格
  • ¥15 fpga自动售货机数码管(相关搜索:数字时钟)
  • ¥15 用前端向数据库插入数据,通过debug发现数据能走到后端,但是放行之后就会提示错误
  • ¥30 3天&7天&&15天&销量如何统计同一行
  • ¥30 帮我写一段可以读取LD2450数据并计算距离的Arduino代码