dpowt82802 2016-10-10 14:03
浏览 34
已采纳

可捕获的致命错误:类mysqli的对象无法在第8行转换为字符串[关闭]

I tried checking many time , still gives me this error. Actually i am trying to create a php file with the contents of $output in it .

<?php 
include 'dbconfig.php';
$rand = $_GET['rand'];
$filename = $rand.".php";
$output = "<?php"; 
$output .="include '../dbconfig.php';";
$output .="$myself = basename(__FILE__, '.php'); ";
$output .="$query = mysqli_query($dbconfig,\"Select command from records where token = '$myself'\");";
$output .="if(mysqli_num_rows($query) > 0)";
$output .="{";
$output .="while($row=$query->fetch_assoc())";
$output .="{";
$output .="$command = $row[command];";
$output .="}";
$output .="echo 'exec $command endexec';";
$output .="}";
$output .="?>";
$file = fopen("puppet\$filename","w");
fwrite($file,$putput);
$check = "Select * from records where usertoken = $rand";
$check1 = mysqli_query($dbconfig,$check);
if(mysqli_num_rows($check1)== 0){
$ins = "Insert into records (usertoken)Values('$rand')";
if(mysqli_query($dbconfig,$ins)){
$success=true;
}
}else{
$success=false;
}
?>
  • 写回答

1条回答 默认 最新

  • doudi1449 2016-10-10 14:11
    关注

    I'm gonna go ahead a 'guess' that this is actually php trying to do the thing it does when it parses strings with double quotes. It will evaluate variables and stuff in the string when it runs.

    Try single quoting the strings...

    <?php 
    include 'dbconfig.php';
    $rand = $_GET['rand'];
    $filename = $rand.'.php';
    $output = '<?php'; 
    $output .='include \'../dbconfig.php\';';
    $output .='$myself = basename(__FILE__, \'.php\'); ';
    $output .='$query = mysqli_query($dbconfig, "Select command from records where token = \'$myself\'");';
    $output .='if(mysqli_num_rows($query) > 0)';
    $output .='{';
    $output .='while($row=$query->fetch_assoc())';
    $output .='{';
    $output .='$command = $row[command];';
    $output .='}';
    $output .='echo \'exec $command endexec\';';
    $output .='}';
    $output .='?>';
    $file = fopen("puppet\$filename","w");
    fwrite($file,$output);
    $check = "Select * from records where usertoken = $rand";
    $check1 = mysqli_query($dbconfig,$check);
    if(mysqli_num_rows($check1)== 0){
        $ins = "Insert into records (usertoken)Values('$rand')";
        if(mysqli_query($dbconfig,$ins)){
            $success=true;
        }
    }else{
        $success=false;
    }
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?