<?php
// Handles a POST that carries a `code` field: connects to MySQL, makes sure the
// `codes` table exists, stores the submitted snippet with its language, then
// derives an id for the stored row. The excerpt ends inside the `if ($ReWrite)`
// branch, so the rest of the handler is not visible here.
if (isset($_POST['code'])) {
    // $SQL_host, $SQL_user, $SQL_passwd, $SQL_name and $ReWrite are not assigned
    // in this excerpt; presumably config.php defines them (confirm).
    require './config.php';
    $the_SQL = mySQLi_connect($SQL_host, $SQL_user, $SQL_passwd, $SQL_name);
    if (!$the_SQL) {
        show_error_exit('Could not connect to MySQL, f**k this world.');
    }
    // Probe for the table. Any failure of this SELECT, not only a missing table,
    // leads to the CREATE TABLE attempt.
    if (!mysqli_query($the_SQL, "SELECT * FROM codes")) {
        $is_ok = mysqli_query($the_SQL, "CREATE TABLE codes (\n\t\t\t\tid int NOT NULL AUTO_INCREMENT,\n\t\t\t\tPRIMARY KEY(id),\n\t\t\t\tlang tinytext,\n\t\t\t\tcode longtext\n\t\t\t)");
        if (!$is_ok) {
            // NOTE(review): the failure is only reported; execution continues to
            // the INSERT below.
            echo 'Could not create database table';
        }
    }
    $the_code = $_POST['code'];
    // NOTE(review): `lang` is read without an isset() check, unlike `code`.
    $the_lang = $_POST['lang'];
    if (!preg_match('/^[A-Za-z0-9]+$/', $the_lang)) {
        // NOTE(review): a value that fails the pattern is reported but not
        // rejected. There is no exit or return here, so the unvalidated $the_lang
        // still reaches the INSERT, where it is interpolated into the SQL text.
        // Stop processing on this path. The pattern's `$` also matches before a
        // trailing newline; the `D` modifier makes it end-only.
        echo "bad DATA";
    }
    // Character-by-character replacement applied to the submitted code before it
    // is stored.
    // NOTE(review): as shown on this page most pairs replace a character with
    // itself, and the backslash line is not valid PHP. The replacement strings
    // look like HTML entities that were decoded when the page was extracted.
    // Confirm against the original file before treating this chain as encoding
    // or escaping.
    $the_code = str_replace("&", "&", $the_code);
    $the_code = str_replace("'", "'", $the_code);
    $the_code = str_replace("\"", "*", $the_code);
    $the_code = str_replace("=", "=", $the_code);
    $the_code = str_replace("?", "?", $the_code);
    $the_code = str_replace("\\", "\", $the_code);
    $the_code = str_replace("<", "<", $the_code);
    $the_code = str_replace(">", ">", $the_code);
    // NOTE(review): both values are interpolated into the SQL text and the query
    // result is not checked. Binding them through a prepared statement
    // (mysqli_prepare() + mysqli_stmt_bind_param()) keeps the statement fixed
    // regardless of the failed-validation path above or any gap in the
    // replacement chain.
    mysqli_query($the_SQL, "INSERT INTO codes (lang, code) VALUES ('{$the_lang}', '{$the_code}');");
    // Uses the current row count as the id of the row just inserted.
    // NOTE(review): the count only equals the AUTO_INCREMENT id while no row has
    // ever been deleted and no other insert runs in between; otherwise $id can
    // point at a different row. mysqli_insert_id($the_SQL) returns the id
    // generated on this connection.
    $result = mysqli_query($the_SQL, "SELECT count(*) FROM codes");
    $id = mysqli_fetch_array($result)[0];
    if ($ReWrite) {
// NOTE(review): this excerpt begins inside a block whose opening line is not
// visible. $noteId, $new_id, $user_notes_array, $notesql, $sql_table_user,
// $use_sql and $the_markdown_type are all set before it.
// Mark the "has password" flag as false.
$passwd = false;
// If this ID is already recorded for the user, remove it.
if (isset($_COOKIE['myNoteUsername'])) {
    // NOTE(review): array_search() returns false when $noteId is not in the
    // list; in PHP's default (non-strict) typing mode array_splice() then takes
    // that as offset 0 and drops the first entry instead. Check for `=== false`
    // before splicing.
    $key = array_search($noteId, $user_notes_array);
    array_splice($user_notes_array, $key, 1);
    $user_notes = implode(";", $user_notes_array);
    // NOTE(review): the UPDATE is assembled by string concatenation. Where the
    // entries of $user_notes_array come from is not visible here, and the
    // username literal appears masked in this copy of the page. Bind the values
    // through a prepared statement rather than concatenating them.
    mysqli_query($notesql, "UPDATE " . $sql_table_user . " SET notes = '" . $user_notes . "' WHERE username = '******'");
}
reLocation($new_id);
} // closes the block that was opened before this excerpt

// When the request carries `the_username`: validate it (letters and digits only,
// 3 to 200 bytes) and store it in the myNoteUsername cookie for 2592000 seconds
// (30 days).
if (isset($_POST['the_username'])) {
    $username = $_POST['the_username'];
    if (!preg_match('/^[A-Za-z0-9]+$/', $username) || strlen($username) < 3 || strlen($username) > 200) {
        // If the username does not meet the rules
        show_error_exit("错误:输入的用户名不合法");
    }
    // NOTE(review): the cookie holds the bare name the client submitted, and the
    // branch above treats the presence of this cookie as the signal to edit a
    // user's note list. Nothing in this excerpt ties the value to a login, so
    // identity should come from a server-side session or a signed value instead.
    // The cookie is also set without the `httponly`, `secure` or `samesite`
    // options that setcookie() accepts in its options-array form.
    setcookie("myNoteUsername", $username, time() + 2592000);
    reLocation($noteId);
}

// Saves the note text when the request carries `the_note` together with either
// `save` or `ajax_save` set to 'yes'. The `@` silences the notice for a missing
// POST key.
if (isset($_POST['the_note']) && (isset($_POST['save']) || @$_POST['ajax_save'] === 'yes')) {
    $to_save_raw = $_POST['the_note'];
    if (@$_POST['note_type'] == 'md_note') {
        // Markdown notes get $the_markdown_type prepended to the stored text.
        $to_save_raw = $the_markdown_type . $to_save_raw;
    }
    if (!$use_sql) {
        // File-backed storage.
        // NOTE(review): as shown on this page the `<` and `>` replacements are
        // no-ops and the backslash replacement is not valid PHP; the replacement
        // strings look like HTML entities that were decoded in extraction.
        // Confirm against the original file.
        $to_save_raw = str_replace("<", "<", $to_save_raw);
        $to_save_raw = str_replace(">", ">", $to_save_raw);
        // NOTE(review): the target path is NOTE_DATA . $noteId and the return
        // value is ignored. Whether $noteId is restricted to a safe character
        // set is decided outside this excerpt; confirm it cannot contain path
        // separators or `..` before it is used as a file name.
        file_put_contents(NOTE_DATA . $noteId, str_replace("\\", "\", $to_save_raw));
    } else {
        // SQL-backed storage; the rest of this branch lies beyond the excerpt.
        $to_save_tmp = $to_save_raw;