dpowt82802 2016-10-10 14:03
浏览 34
已采纳

可捕获的致命错误:类mysqli的对象无法在第8行转换为字符串[关闭]

I tried checking many time , still gives me this error. Actually i am trying to create a php file with the contents of $output in it .

<?php 
include 'dbconfig.php';
$rand = $_GET['rand'];
$filename = $rand.".php";
$output = "<?php"; 
$output .="include '../dbconfig.php';";
$output .="$myself = basename(__FILE__, '.php'); ";
$output .="$query = mysqli_query($dbconfig,\"Select command from records where token = '$myself'\");";
$output .="if(mysqli_num_rows($query) > 0)";
$output .="{";
$output .="while($row=$query->fetch_assoc())";
$output .="{";
$output .="$command = $row[command];";
$output .="}";
$output .="echo 'exec $command endexec';";
$output .="}";
$output .="?>";
$file = fopen("puppet\$filename","w");
fwrite($file,$putput);
$check = "Select * from records where usertoken = $rand";
$check1 = mysqli_query($dbconfig,$check);
if(mysqli_num_rows($check1)== 0){
$ins = "Insert into records (usertoken)Values('$rand')";
if(mysqli_query($dbconfig,$ins)){
$success=true;
}
}else{
$success=false;
}
?>
  • 写回答

1条回答 默认 最新

  • doudi1449 2016-10-10 14:11
    关注

    I'm gonna go ahead a 'guess' that this is actually php trying to do the thing it does when it parses strings with double quotes. It will evaluate variables and stuff in the string when it runs.

    Try single quoting the strings...

    <?php 
        include 'dbconfig.php';
        $rand = $_GET['rand'];
        $filename = $rand.'.php';
        $output = '<?php'; 
        $output .='include \'../dbconfig.php\';';
        $output .='$myself = basename(__FILE__, \'.php\'); ';
        $output .='$query = mysqli_query($dbconfig, "Select command from records where token = \'$myself\'");';
        $output .='if(mysqli_num_rows($query) > 0)';
        $output .='{';
        $output .='while($row=$query->fetch_assoc())';
        $output .='{';
        $output .='$command = $row[command];';
        $output .='}';
        $output .='echo \'exec $command endexec\';';
        $output .='}';
        $output .='?>';
        $file = fopen("puppet\$filename","w");
        fwrite($file,$output);
        $check = "Select * from records where usertoken = $rand";
        $check1 = mysqli_query($dbconfig,$check);
        if(mysqli_num_rows($check1)== 0){
            $ins = "Insert into records (usertoken)Values('$rand')";
            if(mysqli_query($dbconfig,$ins)){
                $success=true;
            }
        }else{
            $success=false;
        }
    ?>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 iqoo11 如何下载安装工程模式
  • ¥15 本题的答案是不是有问题
  • ¥15 关于#r语言#的问题:(svydesign)为什么在一个大的数据集中抽取了一个小数据集
  • ¥15 C++使用Gunplot
  • ¥15 这个电路是如何实现路灯控制器的,原理是什么,怎么求解灯亮起后熄灭的时间如图?
  • ¥15 matlab数字图像处理频率域滤波
  • ¥15 在abaqus做了二维正交切削模型,给刀具添加了超声振动条件后输出切削力为什么比普通切削增大这么多
  • ¥15 ELGamal和paillier计算效率谁快?
  • ¥15 蓝桥杯单片机第十三届第一场,整点继电器吸合,5s后断开出现了问题
  • ¥15 file converter 转换格式失败 报错 Error marking filters as finished,如何解决?