优化API接口代码，增强数据库连接安全性与代码可读性

2024-12-22 15:48:03 +08:00
parent f21a71eb6f
commit 5b0873b4d4
2 changed files with 32 additions and 21 deletions
--- a/api.php
+++ b/api.php
@@ -962,38 +962,51 @@ switch ($act) {
                break;
        }
    case 'bind':
-        $stmt1 = $mySQLi->prepare('insert into `player_connect_threeparty` (player_id, type, connect_id) values(?, `linuxdo`, ?)');
-        $stmt1->bind_param('ssisiissis', input('account'), input('connect_id'));
-        $stmt1->execute();
-        $stmt1->close();
-        $stmt2 = $mySQLi->prepare('select password from player where username=?');
-        $stmt2->bind_param('s', input('account'));
-        $stmt2->execute();
-        $result = $stmt2->get_result();
+        $mySQLi = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], $_CONFIG_DB['db_name'], $_CONFIG_DB['db_port']);
+        if ($mySQLi->connect_errno)
+            returnJson(['code' => 1, 'msg' => $mySQLi->connect_error]);
+        $mySQLi->set_charset($_CONFIG_DB['db_charset']);
+        $stmt = $mySQLi->prepare('insert into `player_connect_threeparty` (username, type, connect_id) values(?, `linuxdo`, ?)');
+        $stmt->bind_param('ss', input('account'), input('connect_id'));
+        $stmt->execute();
+        $stmt->close();
+        $stmt = $mySQLi->prepare('select password from player where username=?');
+        $stmt->bind_param('s', input('account'));
+        $stmt->execute();
+        $result = $stmt->get_result();
        $data = $result->fetch_array();
        $result->free_result();
-        $stmt2->close();
        returnJson($data);
+        $stmt->close();
+        $mySQLi->close();
        break;
    case 'link':
-        $stmt = $mySQLi->prepare('select player_id from player_connect_threeparty where type=`linuxdo` and connect_id=?');
-        $stmt->bind_param('s', input('connect_id'));
+        $connectId = input('connect_id');
+        $tpType = 'linuxdo';
+        $mySQLi = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], $_CONFIG_DB['db_name'], $_CONFIG_DB['db_port']);
+        if ($mySQLi->connect_errno)
+            returnJson(['code' => 1, 'msg' => $mySQLi->connect_error]);
+        $mySQLi->set_charset($_CONFIG_DB['db_charset']);
+        $stmt = $mySQLi->prepare('select username from player_connect_threeparty where type=? and connect_id=? limit 1');
+        $stmt->bind_param('ss', $tpType , $connectId);
        $stmt->execute();
        $result = $stmt->get_result();
        $row = $result->fetch_array();
-        $stmt->close();
-
        if (!empty($row)) {
-            $getPlayer = $mySQLi->prepare('select username,password from player where id=? limit 1');
-            $getPlayer->bind_param('ass', $row['player_id']);
+            $getPlayer = $mySQLi->prepare('select username,password from `player` where id=? limit 1');
+            $getPlayer->bind_param('s', $row['username']);
            $getPlayer->execute();
            $res = $getPlayer->get_result();
            $account = $res->fetch_array();
            returnJson(['code' => 0, 'data' => $res]);
+            $res->free_result();
+            $getPlayer->close();
        } else {
            returnJson(['code' => '1']);
        }
+        $stmt->close();
+        $mySQLi->close();
        break;
    default:
        echo 'success';
-}
+}