引用mysqli_connect.php中断PHPExcel Downloader
我是一个新的开发人员,最近完成了为我的公司编写一个简单的PHP MySQL数据库pipe理系统。 现在我已经完成了它的工作 ,我想要保证它的安全,实现我可以在网上find的所有安全最佳实践(例如:正则expression式,在web目录之外有mysqli_connect.php,在脚本内部有连接string等等)在我上网之前。 我已经编辑了这些代码之外的一些个人信息,并将其replace为它的工作内容,但括号内。 如果可能的话,我不想把它留在网上。
通常情况下,我只能参照mysqli_connect.php来处理数据库,如下所示:
require_once ('..\mysqli_connect.php');
我的DBMS的一个function是“下载到excel”button。 它完美的工作, 但只有当我有直接连接的文件内的连接。 如果我尝试像上面的示例中那样编写连接,Excel文件将显示以下错误消息:
Excel cannot open the file 'xyz.xlsx' because the file format or extension is not valid. Verify that the file has not been corrupted and that the file extension matches the format of the file.
当我直接在ExcelDownload.php中写入连接时,Excel文件正确下载。 连接string如下所示:
$dbc = @mysqli_connect( '[myhost]', '[myusername]', '[mypassword]', '[mydatabase]')
所以再次,基本上,间接引用连接导致我的Excel下载bug,我不知道为什么。 如果我直接召唤连接,它工作正常。 任何帮助将不胜感激。
再次感谢Jibreel
顺便说一下,这里是ExcelDownload.php:
<?php session_start(); //VERIFY LOGGED IN: Redirects user back to home page if they are not logged in or if they don't have the right privileges. Should be atop every page. if(!isset($_SESSION['id'])) {header("Location: login.php");} //CALLS PHPEXCEL: Creates connection to PHPExcel class library, and creates new instance of PHPExcel. // From there it sets the attributes for some of PHPExcel's methods, to explain how we want the spreadsheet to be designed. require_once 'Classes/PHPExcel.php'; $objPHPExcel = new PHPExcel(); $objPHPExcel->getActiveSheet()->setTitle('OpenOrders'); $objPHPExcel->getActiveSheet()->setCellValue('A1', '[my company]'); //CONFIRMATION: If Export to Excel button is pushed, then do this if(isset($_POST["export_Excel"])) { //DANGER!! UNSECURED DATABASE CONNECTION. BAD PRACTICE. CHANGE IN NEXT VERSION! //GENERATE QUERY: Connects to database -- Once connected, runs select * query and saves the outcome in $result $dbc = @mysqli_connect( '[myhost]', '[myusername]', '[mypassword]', '[mydb]') OR die ('Could not connect to MySQL ' . mysqli_connect_error()); $sql = "[myquery]"; $result = mysqli_query($dbc, $sql); //SET HEADING VALUE: Sets the values for the top row of the spreadsheet, which will be the headings. $objPHPExcel->getActiveSheet()->setCellValue('C3', 'OOPONO'); $objPHPExcel->getActiveSheet()->setCellValue('D3', 'Order Status'); $objPHPExcel->getActiveSheet()->setCellValue('E3', 'Order Comments'); //ITERATOR: If there are values inside of $result, starting at row 4, insert values for OOPONO, order status, and comments until $results is totally intereated. if(mysqli_num_rows($result) > 0) { $rownumber = 4; while ($row = mysqli_fetch_array($result)) { $row1 = 'C'.$rownumber; $objPHPExcel->getActiveSheet()->setCellValue($row1, $row["OOPONO"]); $row1 = 'D'.$rownumber; $objPHPExcel->getActiveSheet()->setCellValue($row1, $row["Order_Status"]); $row1 = 'E'.$rownumber; $objPHPExcel->getActiveSheet()->setCellValue($row1, $row["Comments"]); $rownumber = $rownumber + 1; } } } //DOWNLOAD SETUP: Defines the different attributes of the Excel doc ranging from filename to extension. It also does the finishing touches of setting up the download. header('Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'); header('Content-Disposition: attachment;filename="OpenOrders.xlsx"'); header('Cache-Control: max-age=0'); $objWriter = PHPExcel_IOFactory::createWriter($objPHPExcel, 'Excel2007'); $objWriter->save('php://output'); ?>
所以再次,基本上,间接引用连接导致我的Excel下载bug,我不知道为什么。 如果我直接召唤连接,它工作正常。
没有! referencing the connection indirectly causes错误,从而导致发送到您的显示器的错误消息; 然后将Excel输出也发送到您的显示器,以便错误消息成为Excel数据stream内容的一部分,因此错误消息被注入到文件中,导致文件损坏。
在文本编辑器中打开文件,你应该能够看到你得到的实际的错误信息