我有php脚本,是发送值给它到一个MSSQL数据库。它在大约70%的时间内工作(应该有大约100条记录,我将看到大约70条)。我看不出有什么规律。我不是在找别人帮忙复习我已有的日志;我需要知道应该在哪里查找错误。php很简单,使用mssql_query、mssql_num_rows和mssql_fetch_array。php.ini中的超时没有从默认的60秒改变,尽管我刚刚将其设置为240秒(如果这修复了一切,我会更新帖子)。一旦脚本被调用,我就无法返回任何东西;每个响应,无论是否有错误,都必须是相同的。我可以以某种方式记录mssql_query函数的详细信息吗?或者是否有来自SQL服务器的响应,我可以监听?我看过说明书,还没见过这样的事。任何帮助将不胜感激!我需要尽快处理这件事。
编辑-我不能运行mssql_showlastmessage,因为我不能返回任何东西,但是,事情会中断。下面是完整的代码:
<?php
//request xml cdr from switchvox
error_reporting(E_ALL);
//include switchvox libraries
require_once("SwitchvoxRequest.php");
//define sql connection stuff
$db_host = "dbhost";
$db_user = "dbuser";
$db_pass = "dbsecret";
$db = "db";
$table_sr = "tblsr";
$table_cd = "tblcmrd";
$link = mssql_connect($db_host, $db_user, $db_pass);
$err = "";
//make sure we can connect
if (!$link || !mssql_select_db($db, $link))
{
die("<response></response>");
}
//define pbx connection stuff
$sv_host = "pbx";
$sv_user = "user";
$sv_pass = "secret";
//get the extension from the pbx and format it
$ext = $_GET['ext'];
$ext2 = $_GET['ext2'];
$jobid = $_GET['jobid'];
$et = $_GET['et'];
if(!$ext2)
{
$ext = substr($ext,-4,4);
}
if(strlen($ext) > 4)
{
if(strlen($ext2) > 4)
{
die("<response></response>");
}
$ext = $ext2;
}
//query the sr table to find the account ID of the extension we are referencing
$acid_sql = "SELECT * FROM $table_sr WHERE ext=$ext";
$acid_res = mssql_query($acid_sql);
$acida = mssql_fetch_array($acid_res, MSSQL_BOTH);
$acid = $acida['pbx_accountid'];
if (!$acid_res)
{
die("<response></response>");
}
//make sure there is a salesrep for the extension making the call
if (!$acid)
{
die("<response></response>");
}
//get and format the time and date as YYYY-MM-DD
$date = date('Y') . "-" . date('m') . "-" . date('d');
//format the time as HH:MM:SS
$time = date('H') . ":" . date('i') . ":" . date('s');
//create a new request
$req = new SwitchvoxRequest($sv_host, $sv_user, $sv_pass);
$reqpar = array
(
'account_ids' => array
(
'account_id' => array
(
$acid
)
),
'start_date' => array
(
$date . " " . "00:00:00"
),
'end_date' => array
(
$date . " " . $time
),
'sort_field' => array
(
),
'sort_order' => array
(
'DESC'
)
);
$res = $req -> send("switchvox.callLogs.search", $reqpar);
$result = $res->getResult();
$calls = $result['calls']['total_items'];
//check that there were calls to/from this account today
if(!$calls)
{
die("<response></response>");
}
$latest = $result['calls']['call']['0'];
$callid = $latest['id'];
//check to see if the call has already been logged
$id_sql = "SELECT * FROM $table_cd WHERE callID='$callid'";
$id_res = mssql_query($id_sql);
$exid = mssql_fetch_array($id_res, MSSQL_ASSOC);
if (!$id_res)
{
die("<response></response>");
}
if($exid['callID'])
{
die("<response></response>");
}
//define variables to be sent to the table
$from = $latest['from_number'];
$to = $latest['to_number'];
$durat = $latest['talk_duration'];
$start = $latest['start_time'];
$callid = $latest['id'];
$calltype = $latest['origination'];
//check the length of the cid/ext strings and swap if needed
if (strlen($from) > strlen($to))
{
$extension = $to;
$phonenumber = $from;
}
else
{
$extension = $from;
$phonenumber = $to;
}
//insert the data into the table
$fi_sql = "INSERT INTO $table_cd (extension, phonenumber, calldatetime, duration, callID, calltype) VALUES ($extension, $phonenumber, '$start', '$durat', '$callid', '$calltype')";
$fi_res = mssql_query($fi_sql);
if (!$fi_res)
{
die("<response></response>");
}
$sv_res = "<response></response>";
echo $sv_res;
?>
我意识到这是开放的sql注入。没关系。
edit -
我查看了数据库上的日志;当我期望有数据插入时,没有错误,甚至没有表明它尝试过。我将看一些将消息记录到syslog或php的东西。
通常,您可以在MySQL
上自由执行此操作。EXPLAIN SELECT ...
获取SELECT语句的描述。这个特性基本上解释了MySQL的查询分析器如何看到你的查询以及它将如何执行。例如,EXPLAIN描述,如果MySQL将要执行昂贵的表扫描或可能使用索引,如果是,哪一个。
你确定是MySQL导致了这个问题吗?或者PHP可能会导致问题?
每次查询后检查mysql_error()吗?
$ext可能不是数字吗?在这种情况下,$ext应该加引号(对不起,不喜欢字符串内部的变量替换):
$acid_sql = "SELECT * FROM " . $table_sr . " WHERE ext='" . $ext . "'";
既然您返回XML,并且如果这个例程的客户端行为良好,为什么不像这样在响应中插入一个新元素:
<response>
... other elements ...
<sysInfo>
Failed to perform...
</sysInfo>
</response>
行为良好的XML客户机应该只读取已知的元素,从而跳过额外的元素。添加这样的逻辑返回代码总是有用的。
PS:虽然上面的代码可能只是一个示例,但让我说明一下,它可以被sql-injection 攻击。