【发布时间】:2025-12-05 14:30:01
【问题描述】:
有没有更好的方法来做这些查询?
我从其他 php 调用这些函数,以 JSON 格式将数据返回到我的 Android 应用程序。 但是我觉得这段代码很“脏”。
此代码有效。但是如果有很多用户请求,会有问题吗?我想把所有的东西都保持得很快,以备不时之需。现在大约有 100 人在运行这个应用程序。现在一切正常。但是如果有更多会怎么样?
<?php require_once("db_connection.php");?>
<?php
define('TIMEZONE', 'Europe/Paris');
date_default_timezone_set(TIMEZONE);
function storeUser($email, $password, $uuid, $name){
global $connection;
$date = date("Y-m-d H:i:s");
$query = "SELECT * FROM treuepass_users_all WHERE email ='{$email}'";
$res = mysqli_query($connection, $query);
$num = mysqli_num_rows($res);
if ($num == 0)
{
$query = "SELECT * FROM treuepass_users_all WHERE uuid ='{$uuid}'";
$res = mysqli_query($connection, $query);
$num = mysqli_num_rows($res);
if ($num > 0)
{
$query2 = "UPDATE treuepass_users_all SET email = '{$email}', password = '{$password}', name = '{$name}' WHERE uuid ='{$uuid}'";
$res2 = mysqli_query($connection, $query2);
return $res2;
mysqli_close($connection);
}
else //////Wenn sich HANDY das erste mal anmeldet
$query = "INSERT INTO treuepass_users_all (uuid, dateofregister, email, password, name) VALUES ('{$uuid}', '{$date}', '{$email}', '{$password}', '{$name}')";
$res = mysqli_query($connection, $query);
$query2 = "UPDATE treuepass_users_all SET lastlogin = '{$date}', logincounter = logincounter +1 WHERE uuid ='{$uuid}'";
$res2 = mysqli_query($connection, $query2);
return $res2;
mysqli_close($connection);
}else{
return false;
}
}
function getUserByUsernameAndPassword($email, $password, $uuid){
$date = date("Y-m-d H:i:s");
global $connection;
$query1 = "UPDATE treuepass_users_all SET uuid = '{$uuid}', lastlogin = '{$date}', logincounter = logincounter +1 WHERE email = '{$email}' AND password = '{$password}'";
$user1 = mysqli_query($connection, $query1);
$query2 = "SELECT * FROM treuepass_users_all WHERE email = '{$email}' AND password = '{$password}'";
$user2 = mysqli_query($connection, $query2);
if($user2){
while ($res = mysqli_fetch_assoc($user2)){
return $res;
}
}
else{
return false;
}
mysqli_close($connection);
}
function getUserByUUID($uuid){
global $connection;
//////Wenn UUID bereits Vorhanden
$date = date("Y-m-d H:i:s");
$query2 = "UPDATE treuepass_users_all SET lastlogin = '{$date}', logincounter = logincounter +1 WHERE uuid ='{$uuid}'";
$res2 = mysqli_query($connection, $query2);
$query = "SELECT * FROM treuepass_users_all WHERE uuid ='{$uuid}'";
$res = mysqli_query($connection, $query);
$num = mysqli_num_rows($res);
if ($num > 0)
{
while ($dsatz = mysqli_fetch_assoc($res))
return $dsatz;
mysqli_close($connection);
}
else //////Wenn sich HANDY das erste mal anmeldet
$query = "INSERT INTO treuepass_users_all (uuid, dateofregister, lastlogin, logincounter) VALUES ('{$uuid}', '{$date}', '{$date}', '1')";
$res = mysqli_query($connection, $query);
$query3 = "SELECT * FROM treuepass_users_all WHERE uuid ='{$uuid}'";
$res3 = mysqli_query($connection, $query3);
if($res3){
while ($res = mysqli_fetch_assoc($res3)){
return $res;
}
}
else{
return false;
}
mysqli_close($connection);
}
function getUpdateUserDataLocation($locationid, $id, $stampcard1counter, $stampcard1stampsnow, $stampcard1redeemed, $stampcard2counter, $stampcard2stampsnow, $stampcard2redeemed, $stampcard3counter, $stampcard3stampsnow, $stampcard3redeemed, $vouchercounter, $vouchernow, $voucherredeemed){
global $connection;
$date = date("Y-m-d H:i:s");
$locationtable5 = "treuepass_history_$locationid";
$query5 = "INSERT INTO $locationtable5 (uuid, date, time, stampcard1counter, stampcard1redeemed, stampcard2counter, stampcard2redeemed, stampcard3counter, stampcard3redeemed, voucherredeemed)
VALUES ('$id', '$date', '$date', '$stampcard1counter','$stampcard1redeemed', '$stampcard2counter','$stampcard2redeemed', '$stampcard3counter','$stampcard3redeemed', '$voucherredeemed')";
mysqli_query($connection, $query5);
$locationtable = "treuepass_users_$locationid";
$query3 = "UPDATE $locationtable
SET
stampcard1counter = stampcard1counter+'{$stampcard1counter}', stampcard1stampsnow = '{$stampcard1stampsnow}', stampcard1redeemed = stampcard1redeemed+'{$stampcard1redeemed}',
stampcard2counter = stampcard2counter+'{$stampcard2counter}', stampcard2stampsnow = '{$stampcard2stampsnow}', stampcard2redeemed = stampcard2redeemed+'{$stampcard2redeemed}',
stampcard3counter = stampcard3counter+'{$stampcard3counter}', stampcard3stampsnow = '{$stampcard3stampsnow}', stampcard3redeemed = stampcard3redeemed+'{$stampcard3redeemed}',
vouchercounter = vouchercounter+'{$vouchercounter}', vouchernow = '{$vouchernow}', voucherredeemed = voucherredeemed+'{$voucherredeemed}'
WHERE uuid ='{$id}'";
$res3 = mysqli_query($connection, $query3);
$query = "SELECT * FROM $locationtable WHERE uuid ='{$id}'";
$res = mysqli_query($connection, $query);
$num = mysqli_num_rows($res);
if ($num > 0)
{
while ($dsatz = mysqli_fetch_assoc($res))
return $dsatz;
mysqli_close($connection);
} ////////////////////////////////////////////
else // Wenn sich HANDY das erste mal anmeldet //
$query = "INSERT INTO $locationtable (uuid, stampcard1counter, stampcard1stampsnow, stampcard1redeemed, stampcard2counter, stampcard2stampsnow, stampcard2redeemed, stampcard3counter, stampcard3stampsnow, stampcard3redeemed, vouchercounter, vouchernow, voucherredeemed)
VALUES ('$id', '$stampcard1counter','$stampcard1stampsnow','$stampcard1redeemed', '$stampcard2counter','$stampcard2stampsnow','$stampcard2redeemed', '$stampcard3counter','$stampcard3stampsnow','$stampcard3redeemed',
'$vouchercounter','$vouchernow','$voucherredeemed')";
mysqli_query($connection, $query);
mysqli_close($connection);
}
function getUsersLocationStampcard($userid, $locationid){
global $connection;
$locationtable = "treuepass_users_$locationid";
$query = "SELECT * FROM $locationtable WHERE uuid ='{$userid}'";
$res = mysqli_query($connection, $query);
if($res){
while ($response = mysqli_fetch_assoc($res)){
return $response;
}
}
else{
return false;
}
mysqli_close($connection);
}
?>
【问题讨论】:
-
哦,肯定的
-
几乎(我说几乎是因为我没有检查所有代码)您在同一张表上的所有双重查询都可以作为一个查询完成
-
您的脚本对SQL Injection Attack 甚至if you are escaping inputs, its not safe! 都是开放的,在
MYSQLI_或PDOAPI 中使用prepared parameterized statements -
在我看来您使用的是 纯文本密码 PHP 提供了
password_hash()和password_verify()请使用它们。这里有一些good ideas about passwords如果你使用的是5.5之前的PHP版本there is a compatibility pack available here -
这种类型的问题最好在Code Review提出