这段PHP代码展示了如何连接到MySQL数据库,进行插入和查询操作。通过定义常量设置数据库服务器、用户名、密码和数据库名,然后使用mysqli库建立连接。如果连接失败,将打印错误信息并退出。接着,有一个`quote_smart`函数用于转义输入值以防止SQL注入。在表单提交后,如果邮箱和用户名非空,将尝试插入新用户。最后,查询所有用户并生成XML格式的用户列表返回。
/* Thanks to Pete Mackie for the code below */
Define(’DATABASE_SERVER’, ’localhost’);
Define(’DATABASE_USERNAME’, ’root’);
Define(’DATABASE_PASSWORD’, ’root’);
Define(’DATABASE_NAME’, ’flextest’);
# Connect to the database
$mysqli = new mysqli(DATABASE_SERVER, DATABASE_USERNAME,
DATABASE_PASSWORD, DATABASE_NAME);
# Check connection
if (mysqli_connect_errno()) {
printf("MySQL connect failed: %s\n", mysqli_connect_error());
exit();
}
# Quote variable to make safe
function quote_smart($value) {
global $mysqli;
# Stripslashes
if (get_magic_quotes_gpc())
$value = stripslashes($value);
# Quote if not integer
if (!is_numeric($value))
$value = $mysqli->real_escape_string($value);
return $value;
}
if (!empty($_POST) && $_SERVER[’REQUEST_METHOD’] == ’POST’) {
if ($_POST[’emailaddress’] && $_POST[’username’]) {
# Add the user
$query = sprintf("Insert INTO users VALUES (’’, ’%s’, ’%s’)",
quote_smart($_POST[’username’]), quote_smart($_POST[’emailaddress’]));
if (!@$mysqli->query($query)) {
printf("’flextest’ user database query insert error: %s\n", $mysqli->error);
$mysqli->close();
exit();
}
}
}
# Return a list of all the users
if (!$result=@$mysqli->query("Select * from users")) {
printf("’flextest’ user database query select error: %s\n", $mysqli->error);
$mysqli->close();
exit();
}
$xml_return = "";
while ($user = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
$xml_return .=
"".$user[’userid’]."".$user[’username’]."".$user[’emailaddress’]."\n";
}
$xml_return.= "";
$mysqli->close();
echo $xml_return;
?>
扫一扫
256
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
