0
如何让以下数据库只提交条目,如果密码匹配'1996' - 我试图调查这一点,找不到任何东西。以下也可能有一个display.php文件,其中包含数据库详细信息,并且它们也具有正确的引脚编码。我只是不知道如何使这部分编码在提交细节前确保引脚是正确的,并且如果引脚不正确,则会出现错误消息。SQL数据库密码保护提交
<?php
class simpleCMS {
var $host;
var $username;
var $password;
var $db;
var $pin;
public function display_public() {
$q = "SELECT * FROM sianDB4 ORDER BY created DESC LIMIT 4";
$r = mysql_query($q);
$entry_display = '';
if ($r !== false && mysql_num_rows($r) > 0) {
while ($a = mysql_fetch_assoc($r)) {
$title = ($a['title']);
$bodytext = ($a['bodytext']);
$author = ($a['author']);
$entry_display .= <<<ENTRY_DISPLAY
<div class="post">
<h2>
$title
</h2>
<h3>
$bodytext
</h3>
<p>
$author
</p>
</div>
ENTRY_DISPLAY;
}
} else {
$entry_display = <<<ENTRY_DISPLAY
<h2> This Page Is Under Construction </h2>
<p>
No entries have been made on this page.
Please check back soon, or click the
link below to add an entry!
</p>
ENTRY_DISPLAY;
}
$entry_display .= <<<ADMIN_OPTION
<p class="admin_link">
<a href="{$_SERVER['PHP_SELF']}?admin=1">Add a New Entry</a>
</p>
ADMIN_OPTION;
return $entry_display;
}
public function display_admin() {
return <<<ADMIN_FORM
<form action="{$_SERVER['PHP_SELF']}" method="post">
<label for="title">Title:</label><br />
<input name="title" id="title" type="text" maxlength="150" />
<div class="clear"></div>
<label for="bodytext">Body Text:</label><br />
<textarea name="bodytext" id="bodytext"></textarea>
<div class="clear"></div>
<label for="author">Author:</label><br />
<textarea name="author" id="author"></textarea>
<div class="clear"></div>
<label for="pin">Pin:</label><br />
<input name="pin" id="pin" type="Password" maxlength="4" />
<div class="clear"></div>
<input type="submit" value="Create This Entry!" />
</form>
ADMIN_FORM;
}
public function write($p) {
if ($_POST['title'])
$title = mysql_real_escape_string($_POST['title']);
if ($_POST['bodytext'])
$bodytext = mysql_real_escape_string($_POST['bodytext']);
if ($_POST['author'])
$author = mysql_real_escape_string($_POST['author']);
if ($title && $bodytext && $author) {
$created = time();
$sql = "INSERT INTO sianDB4
VALUES('$title','$bodytext','$author','$created')";
return mysql_query($sql);
}else{
return false;
}
}
public function connect() {
mysql_connect($this->host,$this->username,$this->password,$this->pin) or die("Could not connect. " . mysql_error());
mysql_select_db($this->db) or die("Could not select database. " . mysql_error());
return $this->buildDB();
}
private function buildDB() {
$sql = <<<MySQL_QUERY
CREATE TABLE IF NOT EXISTS sianDB4 (
title VARCHAR(150),
bodytext TEXT,
author TEXT,
created VARCHAR(100)
)
MySQL_QUERY;
return mysql_query($sql);
}
}
?>
请[停止使用'mysql_ *'功能](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php)。 [这些扩展](http://php.net/manual/en/migration70.removed-exts-sapis.php)已在PHP 7中删除。了解[编写](http://en.wikipedia.org/ wiki/Prepared_statement)语句[PDO](http://php.net/manual/en/pdo.prepared-statements.php)和[MySQLi](http://php.net/manual/en/mysqli.quickstart .prepared-statements.php)并考虑使用PDO,[这真的很简单](http://jayblanchard.net/demystifying_php_pdo.html)。 –