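Continuing from the previous post, this one guards against security problems by using mysqli_real_escape_string:
Because only the data passed to say.php can contain user input, add the following two lines to say.php: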
$_POST['uname']=$mysqli->real_escape_string($_POST['uname']);//Protect against SQL injection
$_POST['text']=$mysqli->real_escape_string($_POST['text']);
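An added example, not code from the original post: a hypothetical say.php insert that uses a mysqli prepared statement instead of real_escape_string(), which only protects values placed inside quoted string literals and depends on the connection character set. It assumes the config.php variables and the msg table from install.php, and the mbstring extension; the save_message() helper and the response text are made up for illustration.

```php
<?php
// Added example: hypothetical say.php insert using a prepared statement.
// Assumes config.php and the msg table created by install.php.
require_once 'config.php';

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$mysqli = new mysqli($mysql_address, $mysql_username, $mysql_password, $mysql_database);
// The pages declare utf-8; real_escape_string() also depends on this setting.
$mysqli->set_charset('utf8mb4');

// Hypothetical helper: checks lengths against the column sizes, then inserts.
function save_message(mysqli $mysqli, $uname, $text)
{
    // POST fields can arrive as arrays; accept strings only.
    if (!is_string($uname) || !is_string($text)) {
        return false;
    }
    $uname = trim($uname);
    $text  = trim($text);
    if ($uname === '' || $text === '') {
        return false;
    }
    // uname is VARCHAR(10) and text is VARCHAR(128) in install.php.
    if (mb_strlen($uname, 'UTF-8') > 10 || mb_strlen($text, 'UTF-8') > 128) {
        return false;
    }
    // Placeholders keep the data out of the SQL text entirely,
    // so no escaping or quoting is needed.
    $stmt = $mysqli->prepare('INSERT INTO msg (uname, `text`, `time`) VALUES (?, ?, NOW())');
    $stmt->bind_param('ss', $uname, $text);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$uname = isset($_POST['uname']) ? $_POST['uname'] : null;
$text  = isset($_POST['text']) ? $_POST['text'] : null;
if (!save_message($mysqli, $uname, $text)) {
    http_response_code(400);
    exit('Invalid message');
}
echo 'OK';
```

The stored text is still untrusted when it is read back, so the page that prints messages should pass it through htmlspecialchars() before output.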
In addition, to make installation easier and avoid creating the tables by hand, I wrote install.php:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Installing Aspicube WebChat</title>
</head>
<body>
<?php
require_once 'config.php';
/* Connect without selecting a database: it does not exist until it is created below */
$mysqli=new mysqli($mysql_address,$mysql_username,$mysql_password);
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
/* mysqli::query() runs only one statement per call, so run them one at a time */
$statements=array(
"CREATE DATABASE `$mysql_database`",
"USE `$mysql_database`",
"CREATE TABLE msg
(
id INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(id),
uname VARCHAR(10),
text VARCHAR(128),
time DATETIME
)"
);
foreach($statements as $sql){
$result=$mysqli->query($sql);
if(!$result)die('Please NOT reInstall or Some Errors Occur!');
}
echo 'Install Finished!';
?>
</body>
</html>