

php̡΢ıд

1.׶ 
2.֪ʶ: php;ȫӹ;
3.:     xiaoye
4.IJiԭ½ƻδɽֹתأ

ǰ
æſԸϰдӾЩγ˸д˸򵥵php΢ϵͳ֮ǰųеСզֹSQLIעξȫɢpdoдһ£sqlעԼ򵥹xssΣַ
Ÿͼȣ
                                                

ֿ
ɾģԼ༭֧titleȫֶģƥ
ųҪ˼·ܣ
Ҫıֶηsqlļ
pdo.sql

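# Host: localhost (Version: 10.1.13-MariaDB)
# Date: 2016-12-11 10:57:00
# Generator: MySQL-Front 5.3 (Build 4.234)
/*!40101 SET NAMES utf8 */;
#
# Structure for table "weibo"
#
# One row per post. `views` is a counter that view.php bumps with
# "views = views + 1"; without a default the column would start out NULL and
# NULL + 1 stays NULL, so the counter would never move for rows inserted by
# addpdo.php (which does not set it). NOT NULL DEFAULT 0 makes the first
# increment land on 1.
# MyISAM has no transactions or foreign keys; acceptable for this demo only.
DROP TABLE IF EXISTS `weibo`;
CREATE TABLE `weibo` (
`Id` int(11) NOT NULL AUTO_INCREMENT,
`title` varchar(255) DEFAULT NULL,
`content` varchar(255) DEFAULT NULL,
`mydate` date,
`views` int(20) NOT NULL DEFAULT 0,
PRIMARY KEY (`Id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;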

ݿļpdo
conpdo.php:

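<?php
// Shared database handle for the weibo demo; every page includes this file.
// The charset is negotiated in the DSN, so the connection is UTF-8 from the
// very first statement and the separate "set names" round trip is not needed.
// NOTE(review): credentials are hard-coded and the account is root. Beyond a
// local demo use a least-privilege user that owns only the weibopdo schema and
// keep the credentials outside the web root.
$pdo = new PDO(
        "mysql:host=localhost;dbname=weibopdo;charset=utf8",
        "root",
        "root",
        array(
                // Native prepared statements: bound values travel separately
                // from the SQL text instead of being interpolated client-side.
                PDO::ATTR_EMULATE_PREPARES => false,
                // Fail loudly: a failed query throws instead of returning false,
                // so no page silently continues with missing data. Keep
                // display_errors off in production so the trace stays in logs.
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        )
);
?>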

ҳļҪݿӦıȫpdoȡոʽʾҳϣ
indexpdo.php

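<a href='/weibopdo/addpdo.php'></a>
<form method='POST' action='/weibopdo/search.php'>
<input type='text' name='keyword' />
<input type='submit' name='submit1' value='ƥtitle'>
<input type='submit' name='submit2' value='ƥȫ'>
</form>
<?php
// Front page: lists the nine newest posts with links to view/delete/edit.
include("conpdo.php");
$smt = $pdo->prepare("select * from `weibo` order by id desc limit 9");
$smt->execute(array());
$data = $smt->fetchAll();
// Output is escaped here rather than trusted from the database: rows written
// by edit.php are stored raw, while rows written by addpdo.php are already
// entity-encoded. double_encode=false leaves existing entities alone and only
// neutralises characters that are still raw, so neither path is broken.
foreach ($data as $row) {
        // Id is the integer primary key; the cast keeps the URLs free of anything else.
        $id = (int) $row['Id'];
        $title = htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8', false);
        $mydate = htmlspecialchars((string) $row['mydate'], ENT_QUOTES, 'UTF-8', false);
        // The preview is cut first and escaped second, so a truncated entity
        // from addpdo.php renders as text instead of breaking the markup.
        $preview = htmlspecialchars(iconv_substr((string) $row['content'], 0, 10, 'utf-8'), ENT_QUOTES, 'UTF-8', false);
?>
<hr>
<h2>⣺<a href='/weibopdo/view.php?view=<?php echo $id;?>'><?php echo $title;?></a></h2>
<li><?php echo $mydate;?></li>
<p>ݣ<?php echo $preview.'......';?></p>
<p>|<a href='/weibopdo/del.php?del=<?php echo $id;?>'>ɾ</a>
|<a href='/weibopdo/edit.php?edit=<?php echo $id;?>'>༭</a></p>
<?php
}
?>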

һ
ʵԵĹܣpdoݿݲ룬htmlspecialchars()xssм򵥹ˣ
addpdo.php

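<?php
// Create a post. The handler runs before any HTML is emitted so the
// header("Location: ...") redirect works regardless of output_buffering;
// in the original order the form markup was already sent before header().
include("conpdo.php");
$error = '';
if(isset($_POST['submit'])){
        // The onsubmit check below is client-side only and can be skipped,
        // so the same non-empty rule is enforced here. Missing fields are
        // treated as empty instead of raising undefined-index notices.
        $title = isset($_POST['title']) ? trim($_POST['title']) : '';
        $content = isset($_POST['content']) ? trim($_POST['content']) : '';
        if ($title === '' || $content === '') {
                $error = 'title and content must not be empty';
        } else {
                // NOTE(review): this page entity-encodes on input, while
                // edit.php stores raw text; readers still have to escape on
                // output, so this is defence in depth rather than the fix.
                $title = htmlspecialchars($title);
                $content = htmlspecialchars($content);
                // views is set explicitly so the counter starts at 0 and not
                // NULL (NULL + 1 in view.php would stay NULL).
                $smt = $pdo->prepare("insert into weibo(id,title,content,mydate,views) values(null,?,?,now(),0)");
                $smt->execute(array($title,$content));
                header("Location:/weibopdo/indexpdo.php");
                // Nothing below should be rendered once the redirect is sent.
                exit;
        }
}
?>
<script>
function check(){
        if(add.title.value == ''){
                alert('titleΪ');
                return false;
        }
        if(add.content.value == ''){
                alert('contentΪ');
                return false;
        }else{
                return true;
        }
}
</script>
<?php if ($error !== '') { ?>
<p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8');?></p>
<?php } ?>
<form method='POST' action='' name='add' onsubmit='return check();'>
⣺<input type='text' name='title'><br>
ݣ<textarea cols='30' rows='9' name='content'></textarea><br>
<input type='submit' name='submit' value='submit'>
</form>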

ɾ
ɾܣidΪֻԵɾӵԽɾΨһʶidΪgetʽ(/weibopdo/view.php?del=<?php echo $data[$i]['Id'];?>)delɾҳidΪʶݿضнɾ
del.php

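<?php
// Delete a post by primary key.
// NOTE(review): this is a state-changing action reached by a plain GET link
// with no authentication and no anti-CSRF token, so any page that embeds the
// URL can trigger it. It should become a POST with a per-session token (and
// an owner check) before this leaves the demo stage.
include("conpdo.php");
// Only a positive integer can be a valid Id; anything else is rejected before
// it reaches the database, and a missing parameter no longer raises a notice.
$id = isset($_GET['del'])
        ? filter_var($_GET['del'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
        : false;
if ($id === false) {
        http_response_code(400);
        exit('invalid id');
}
$smt = $pdo->prepare("delete from `weibo` where Id=?");
$smt->execute(array($id));
header("Location:/weibopdo/indexpdo.php");
// Stop after the redirect so nothing else is emitted.
exit;
?>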

ݲ鿴
Ŀ鿴ݣзͳƣidΪΨһʶ
/weibopdo/view.php?view=<?php echo $data[$i]['Id'];?>viewҳղݿضнselectupdateIJ
view.php

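<?php
// Show one post and bump its view counter.
include("conpdo.php");
// Only a positive integer can be a valid Id; reject anything else up front.
$id = isset($_GET['view'])
        ? filter_var($_GET['view'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
        : false;
if ($id === false) {
        http_response_code(400);
        exit('invalid id');
}
// COALESCE: `views` is declared nullable with no default in pdo.sql and
// addpdo.php does not set it, so NULL + 1 would stay NULL forever.
$s = $pdo->prepare("update `weibo` set views = COALESCE(views,0)+1 where id=?");
$s->execute(array($id));
$smt = $pdo->prepare("select * from `weibo` where id=?");
$smt->execute(array($id));
$row = $smt->fetch(PDO::FETCH_ASSOC);
// Previously $data[0] was read unconditionally and the links below used an
// undefined $i; an unknown id now gets a 404 instead of notices and empty links.
if ($row === false) {
        http_response_code(404);
        exit('not found');
}
// Escape on output. double_encode=false keeps rows that addpdo.php already
// entity-encoded from being encoded twice, while raw rows from edit.php are
// still neutralised.
$title = htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8', false);
$mydate = htmlspecialchars((string) $row['mydate'], ENT_QUOTES, 'UTF-8', false);
$content = htmlspecialchars((string) $row['content'], ENT_QUOTES, 'UTF-8', false);
?>
<h2>⣺<?php echo $title;?></h2>
<li><?php echo $mydate;?></li>
<p><?php echo (int) $row['views'];?></p>
<p>ݣ<?php echo $content;?></p>
<p>|<a href='/weibopdo/del.php?del=<?php echo $id;?>'>ɾ</a>
|<a href='/weibopdo/edit.php?edit=<?php echo $id;?>'>༭</a></p>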

ġ༭
༭ӣԶԭԽб༭£idʶ
edit.php

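<?php
// Edit an existing post. The update handler runs before any output so the
// redirect header can still be sent.
// NOTE(review): like del.php this changes state without authentication or an
// anti-CSRF token; both belong here before the demo is exposed.
include("conpdo.php");
// Only a positive integer can be a valid Id; reject anything else up front.
$id = isset($_GET['edit'])
        ? filter_var($_GET['edit'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
        : false;
if ($id === false) {
        http_response_code(400);
        exit('invalid id');
}
$error = '';
if(isset($_POST['update'])){
        // The onsubmit check below is client-side only; enforce the same
        // non-empty rule here and treat missing fields as empty.
        $title = isset($_POST['title']) ? trim($_POST['title']) : '';
        $content = isset($_POST['content']) ? trim($_POST['content']) : '';
        if ($title === '' || $content === '') {
                $error = 'title and content must not be empty';
        } else {
                $s = $pdo->prepare("update `weibo` set title=?,content=? where id=?");
                $s->execute(array($title,$content,$id));
                header("Location:/weibopdo/indexpdo.php");
                // Nothing below should be rendered once the redirect is sent.
                exit;
        }
}
$smt = $pdo->prepare("select * from `weibo` where id=?");
$smt->execute(array($id));
$row = $smt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
        http_response_code(404);
        exit('not found');
}
// The stored values go into a single-quoted attribute and a textarea:
// ENT_QUOTES so a quote in the title cannot close the attribute, and
// double_encode=false because rows written by addpdo.php are already
// entity-encoded while rows written here are stored raw.
$title = htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8', false);
$content = htmlspecialchars((string) $row['content'], ENT_QUOTES, 'UTF-8', false);
?>
<script>
function check(){
        if(edit.title.value == ''){
                alert('titleΪ');
                return false;
        }
        if(edit.content.value == ''){
                alert('contentΪ');
                return false;
        }else{
                return true;
        }
}
</script>
<?php if ($error !== '') { ?>
<p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8');?></p>
<?php } ?>
<form method='POST' action='' name='edit' onsubmit='return check();'>
<input type='text' name='title' value='<?php echo $title;?>'><br>
ݣ<textarea cols='30' rows='9' name='content'><?php echo $content;?></textarea><br>
<input type='submit' name='update' value='update'>
</form>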

༭ӣͼڱչʾ֮ǰtitlecontentɱ༭
                                               
塢ѯƥ
ҪѯֶΣΪtitleȫƥַʽͬIJѯʽвͬݿģѯ
search.php

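<?php
// Search posts by title only (submit1) or by title and content (submit2).
include("conpdo.php");
// Start with an empty result so the loop below is safe when the page is hit
// without either submit button (count(null) is a TypeError on PHP 8).
$data = array();
$keyword = isset($_POST['keyword']) ? $_POST['keyword'] : '';
// The pattern is bound as a parameter, so it cannot change the statement.
// Note that % and _ inside the keyword still act as LIKE wildcards; that only
// widens the match and is left as-is here.
$pattern = '%' . $keyword . '%';
if(isset($_POST['submit1'])){
        $smt = $pdo->prepare("select * from `weibo` where title like :title");
        $smt->bindValue(':title', $pattern, PDO::PARAM_STR);
        $smt->execute();
        $data = $smt->fetchAll();
}
if(isset($_POST['submit2'])){
        $smt = $pdo->prepare("select * from `weibo` where title like :title or content like :content");
        $smt->bindValue(':title', $pattern, PDO::PARAM_STR);
        $smt->bindValue(':content', $pattern, PDO::PARAM_STR);
        $smt->execute();
        $data = $smt->fetchAll();
}
// Escape on output: edit.php stores raw text while addpdo.php stores
// entity-encoded text, so double_encode=false handles both without breakage.
foreach ($data as $row) {
        $id = (int) $row['Id'];
        $title = htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8', false);
        $mydate = htmlspecialchars((string) $row['mydate'], ENT_QUOTES, 'UTF-8', false);
        $preview = htmlspecialchars(iconv_substr((string) $row['content'], 0, 10, 'utf-8'), ENT_QUOTES, 'UTF-8', false);
?>
<hr>
<h2>⣺<a href='/weibopdo/view.php?view=<?php echo $id;?>'><?php echo $title;?></a></h2>
<li><?php echo $mydate;?></li>
<p>ݣ<?php echo $preview.'......';?></p>
<p>|<a href='/weibopdo/del.php?del=<?php echo $id;?>'>ɾ</a>
|<a href='/weibopdo/edit.php?edit=<?php echo $id;?>'>༭</a></p>
<?php
}
?>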

titleѯַiͼ
                                                                             
ȫƥַi
                                                                              

ܽ

΢ϵͳǰĿγпͦϵˣpdoдһ£ϰpdoҲϰݿ֪ʶСѧphpİ˼·дһӦûаһ8ļεҩˮٿɡ
ʵֲǺѣҿԶдд
p.s:
ܣҪ·ˣϰԡܾҿơ
Ƿ£Ծͻ
(α༭)