<?php session_start(); // header("Content-type: application/json;charset=utf-8"); header("Content-type:text/html;charset=utf-8"); require_once 'xss.php'; $con = mysql_connect("localhost", "root", ""); if (!$con) { die('Could not connect: ' . mysql_error()); } else { if ($_POST['token'] == $_SESSION['token']) { // 添加title等信息 先获取input中的值 并传给数据库 mysql_select_db("my110", $con); $newstitle = label_save($_POST['newstitle']); $newsimg = label_save($_POST['newsimg']); $newscontent = label_save($_POST['newscontent']); $addtime = label_save($_POST['addtime']); $sql = "INSERT INTO `news`(`newstitle`, `newsimg`, `newscontent`, `addtime`) VALUES ('" . $newstitle . "','" . $newsimg . "','" . $newscontent . "','" . $addtime . "')"; mysql_query("set names'utf8'"); $result = mysql_query($sql, $con); if (!$result) { die('Error: ' . mysql_error()); } else { echo "sucess"; } } else { echo "token don't allow !"; } } mysql_close($con);
<?php session_start(); header("Content-type:text/html;charset=utf-8"); require_once 'xss.php'; $con = mysql_connect("localhost", "root", ""); if (!$con) { die('Could not connect: ' . mysql_error()); } else { // 添加title等信息 先获取input中的值 并传给数据库 mysql_select_db("my110", $con); $classtitle = label_save($_POST['classtitle']); if ($_POST['token'] == $_SESSION['token']) { // echo "sessio token is: =>".$_SESSION['token']; // echo "post cookie is: =>".$_POST['token']; $sql = "INSERT INTO `classify`(`classtitle`) VALUES ('" . $classtitle . "')"; mysql_query("set names'utf8'"); $result = mysql_query($sql, $con); if (!$result) { die('Error: ' . mysql_error()); } else { echo "sucess"; } } else { echo "token don‘t allow!"; } } mysql_close($con);