.get() 请求一直运行良好,直到我将 mysql 添加到组合中,我调试了 SQL 并确保它连接完美,但它仍然无法正常工作。如果有人能告诉我哪里出错了,那就太好了。
JavaScript -
if (command !== '') {
term.echo('Waiting on response from server...');
if (command.indexOf(' ') !== -1) {
var ext_start = command.indexOf(' ');
var ext_end = command.length;
var ext = command.substr(ext_start, ext_end);
$.get('response.php', {command: command, ext: ext}, function(data) {
term.echo("Response from command: " + command + "->" + data);
});
}
else {
$.get('response.php', {command: command}, function(data) {
term.echo("Response from command: " + command + "->" + data);
});
}
try {
var result = window.eval(command);
if (result !== undefined) {
term.echo(new String(result));
}
} catch(e) {
//term.error(new String(e));
}
} else {
term.echo('');
}
响应.php -
<?php
if (isset($_GET['command'])) {
require 'config.php';
$cmd = $_GET['command'];
if (isset($_GET['ext'])) {
//Things to do if a double command was executed (e.g. !screenshot botname)
$ext = $_GET['ext'];
echo "Double Command Successful.";
}
else {
//Things to do if just a single command was executed (e.g. !info)
$query = mysqli_query($connect, "SELECT * FROM commands WHERE command='$cmd'");
$numrows = mysqli_num_rows($query);
if ($numrows !== 1) {
//If the command doesn't exist
echo "Command non-existant";
}
else {
//If the command does exist*/
mysqli_query($connect, "UPDATE commands SET status=1 WHERE command='$cmd'");
echo "Command does exist";
}
}
}
else {
echo "Error";
}
?>
哦,请不要发布/评论“你的代码容易受到 SQL 注入的攻击,bla bla bla。”,我知道,我还没有到添加检查的地步。