<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
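<head>
<!-- Declare the encoding before any text so the browser decodes the title (and the form data it posts back) as UTF-8. -->
<meta charset="UTF-8">
<title>Add a Blog Entry</title>
</head>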
<body>
<h1>Add a Blog Entry</h1>
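<?php
/*
 * Handles the "Add a Blog Entry" form post.
 *
 * When the hidden "submitted" field is present, this block connects to MySQL,
 * validates the posted title and entry, escapes both values and inserts one
 * row into the entries table. It prints a short status paragraph either way.
 *
 * Security notes for maintainers:
 *  - The mysql_* extension used here is deprecated and was removed in PHP 7.
 *    When the runtime is upgraded, port this to mysqli or PDO prepared
 *    statements instead of building the SQL string by hand.
 *  - mysql_real_escape_string() escapes according to the connection character
 *    set. If the charset ever has to be changed, use mysql_set_charset() rather
 *    than a "SET NAMES" query so that escaping stays in sync with the connection.
 *  - strip_tags() is input clean-up, not output encoding. Any page that later
 *    displays title/entry should still pass them through htmlspecialchars().
 */
if (isset($_POST['submitted'])) { // Handle the form.

    $problem = FALSE;

    // Connect to the server and select the database.
    // NOTE(review): the credentials are literals in this file; real ones belong
    // in configuration kept outside the web root.
    $dbc = mysql_connect('localhost', 'username', 'password');

    if (!$dbc || !mysql_select_db('mybolg', $dbc)) {
        // Keep the driver error in the server log; the visitor only gets a generic message.
        error_log('add_entry1.php: database unavailable: ' . ($dbc ? mysql_error($dbc) : mysql_error()));
        echo '<p style="color: red;">Could not add the entry. Please try again later.</p>';
        $problem = TRUE;
    }

    if (!$problem) {
        // Validate the form data and make it safe to store.
        // Non-string values (for example title[]=x) are treated as missing
        // rather than being passed to strip_tags().
        $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $rawEntry = (isset($_POST['entry']) && is_string($_POST['entry'])) ? $_POST['entry'] : '';

        // Check emptiness AFTER cleaning, so a value made only of whitespace
        // or markup is rejected instead of being stored as a blank entry.
        $cleanTitle = trim(strip_tags($rawTitle));
        $cleanEntry = trim(strip_tags($rawEntry));

        if ($cleanTitle !== '' && $cleanEntry !== '') {
            $title = mysql_real_escape_string($cleanTitle, $dbc);
            $entry = mysql_real_escape_string($cleanEntry, $dbc);
        } else {
            echo '<p style="color: red;">Please submit both a title and an entry.</p>';
            $problem = TRUE;
        }
    }

    if (!$problem) {
        // Define the query. Both interpolated values were escaped above.
        $query = "INSERT INTO entries(entry_id,title,entry,date_entered) VALUE (0,'$title','$entry',NOW())";

        // Run the query.
        if (@mysql_query($query, $dbc)) {
            echo '<p>The blog entry has been added!</p>';
        } else {
            // The driver error and the SQL text reveal schema details and echo
            // user input back unencoded, so they go to the log, not the page.
            error_log('add_entry1.php: insert failed: ' . mysql_error($dbc));
            echo '<p style="color: red;">Could not add the entry. Please try again later.</p>';
        }
    }

    // Close the connection, but only if one was actually opened.
    if ($dbc) {
        mysql_close($dbc);
    }
} // End of the submission conditional.
// Display the form:
?>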
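<!-- Entry form: posts the title and the entry text back to add_entry1.php. -->
<!-- NOTE(review): this state-changing POST carries no anti-CSRF token; a per-session token
     should be sent as a hidden field and checked by the handler before it inserts anything. -->
<!-- maxlength is only a browser-side hint; the handler has to enforce its own length limit. -->
<form action="add_entry1.php" method="post">
<p><label for="title">Entry Title:</label> <input type="text" id="title" name="title" size="40" maxlength="100"></p>
<p><label for="entry">Entry Text:</label> <textarea id="entry" name="entry" cols="40" rows="5"></textarea></p>
<input type="submit" name="submit" value="Post This Entry!">
<input type="hidden" name="submitted" value="true">
</form>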
</body>
</html>
PHP——安全查询数据