我在 Moodle 3.3 上安装了一个插件,现在出现 SQL 语法错误和从数据库读取错误
。我做了一些 PHP 调试,给出了以下描述:
Debug info: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'OR target = LIMIT 0, 1' at line 1
SELECT 'x' FROM mdl_dasis_relations WHERE source = OR target = LIMIT 0, 1 [array ( )]
Error code: dmlreadexception
Stack trace:
line 486 of /lib/dml/moodle_database.php: dml_read_exception thrown
line 1184 of /lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end()
line 1889 of /lib/dml/moodle_database.php: call to mysqli_native_moodle_database->get_recordset_sql()
line 1874 of /lib/dml/moodle_database.php: call to moodle_database->record_exists_sql()
line 76 of /blocks/semantic_web/block_semantic_web.php: call to moodle_database->record_exists_select()
line 709 of /blocks/moodleblock.class.php: call to block_semantic_web->get_content()
line 230 of /blocks/moodleblock.class.php: call to block_list->formatted_contents()
line 1205 of /lib/blocklib.php: call to block_base->get_content_for_output()
line 1257 of /lib/blocklib.php: call to block_manager->create_block_contents()
line 579 of /lib/outputrenderers.php: call to block_manager->ensure_content_created()
line 39 of /theme/bootstrapbase/renderers/core_renderer.php: call to core_renderer->standard_head_html()
line 44 of /theme/clean/layout/columns3.php: call to theme_bootstrapbase_core_renderer->standard_head_html()
line 1162 of /lib/outputrenderers.php: call to include()
line 1092 of /lib/outputrenderers.php: call to core_renderer->render_page_layout()
line 68 of /course/index.php: call to core_renderer->header()
我也做了一些调查,我认为这是 block_semantic_web.php
文件抛出错误的部分:
function setLastActivity() {
global $USER, $PAGE, $DB;
if($PAGE->cm) {
if($DB->record_exists_select("dasis_relations", "source = ".$PAGE->cm->id." OR target = ".$PAGE->cm->id)) {
$lastActivity = new object();
$lastActivity->userid = $USER->id;
$lastActivity->courseid = $PAGE->cm->course;
$lastActivity->course_module = $PAGE->cm->id;
if($rec = $DB->get_record("dasis_last_activity", array("userid" => $lastActivity->userid, "courseid" => $lastActivity->courseid))) {
$lastActivity->id = $rec->id;
$lastActivity->last_access = date("Y-m-d H:i:s", time());
$DB->update_record("dasis_last_activity", $lastActivity);
}else{
$DB->insert_record("dasis_last_activity", $lastActivity);
}
}
}
}
我不知道语法错误到底是什么。
PHP: 7.0.33-8+ubuntu18.04.1
MySQL:版本 14.14 Distrib 5.7.26
最佳答案
$PAGE->cm->id
可能未定义,例如,它未在事件/类(class)模块上下文(类(class) View 、主页、配置文件等)之外的页面中定义。 ).我建议您在调用 setLastActivity
或 $DB->record_exists_select
之前检查它是否不为空。像这样:
global $PAGE;
if (!empty($PAGE->cm->id)) {
// ...
}
然后(正如之前有人注意到的那样),您可以通过单独传递参数来调用它以避免任何类型的 SQL 注入(inject)漏洞:
$select = 'source = :source OR target = :target';
$params = ['source' => $PAGE->cm->id, 'target' => $PAGE->cm->id];
$DB->record_exists_select('dasis_relations', $select, $params);
关于php - 为什么我在 Moodle 3.3 中出现 SQL 语法错误?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56918575/