// Bootstrap: build the include path from this file's own directory, so the
// script does not depend on include_path or on the current working directory.
require(dirname(__FILE__) . '/includes' . '/common.inc.php');
//修改资料
if (isset($_GET['action']) && $_GET['action'] == 'modify') {
    //为了防止恶意注册,跨站攻击
    // Compare the CAPTCHA typed into the form with the one stored in the session.
    // NOTE(review): a CAPTCHA proves a human is present; it is not a CSRF token
    // and does not prove the request came from this site's own form — a
    // per-session anti-CSRF token is the usual addition here. $_POST['code'] is
    // read without isset(), so a request lacking the field raises a notice first.
    _check_code($_POST['code'], $_SESSION['code']);
    // Fetch the stored uniqid for the current user. NOTE(review): the username is
    // interpolated straight into the SQL text (the '******' in this listing is a
    // redaction artifact, not code); unless _query()/_fetch_array() escape their
    // input, this statement is injectable.
    if (!!($_rows = _fetch_array("select tg_uniqid from tg_user where tg_username='******'username']}' limit 1"))) {
        // Anti-cookie-forgery check: the uniqid carried in the cookie must match
        // the one stored for this user. NOTE(review): the UPDATE below runs
        // unconditionally after this call, so _uniqid() must abort (redirect/exit)
        // on mismatch — confirm that it does.
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        // Field validators live in a separate include.
        include ROOT_PATH . 'includes/check.func.php';
        // Only validated values are collected here and used in the UPDATE.
        $_clean = array();
        // Presumably returns an empty value when no new password was entered and a
        // hashed value otherwise — verify; if it returns the raw string the
        // password is stored in plaintext below.
        $_clean['password'] = _check_modify_password($_POST['password'], 6);
        $_clean['sex'] = _check_sex($_POST['sex']);
        $_clean['face'] = _check_face($_POST['face']);
        $_clean['email'] = _check_email($_POST['email'], 5, 40);
        $_clean['qq'] = _check_qq($_POST['qq']);
        $_clean['url'] = _check_url($_POST['url'], 40);
        // NOTE(review): 'switch' is the only field copied from $_POST with no
        // validator, yet it is interpolated into the UPDATE below — it needs the
        // same treatment as the other fields (e.g. a whitelist of allowed values).
        $_clean['switch'] = $_POST['switch'];
        $_clean['autograph'] = _check_autograph($_POST['autograph'], 200);
        // Two UPDATEs that differ only in the password column: it is written only
        // when a non-empty (new) password came back from the validator.
        if (empty($_clean['password'])) {
            _query("update tg_user set \n\t\t\t\t\t\t\t\t\t\t\ttg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_qq='{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}'\n\t\t\t\t\t\t\t\t\t\t");
        } else {
            // Same statement plus tg_password; the '******' is again a listing
            // redaction, not part of the program.
            _query("update tg_user set \n\t\t\t\t\t\t\t\t\t\t\ttg_password='******'password']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_qq='{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}'\n\t\t\t\t\t\t\t\t\t\t");
        }
    }
    //判断是否修改成功
    if (_affected_rows() == 1) {
        //关闭
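// Add a food item: store the uploaded picture on disk, then insert a tb_food row.
//
// Security-relevant ordering: the client-supplied file name is checked BEFORE
// anything is written, so a name such as "../x.php" or "shell.php" can never be
// placed in the web tree (the original moved the file first and validated the
// name afterwards).
$_upload = isset($_FILES['userfile']) ? $_FILES['userfile'] : array();
if (!isset($_upload['tmp_name']) || !is_uploaded_file($_upload['tmp_name'])) {
    // No upload at all, or tmp_name was not produced by PHP's upload machinery
    // (is_uploaded_file() defeats a forged tmp_name pointing at another file).
    echo "<script>alert('临时文件夹下找不到上传文件!');history.back();</script>";
    exit;
}
// basename() drops any directory part the client sent; the extension must be an
// image type so that an executable file cannot be uploaded into the web tree.
// (Files with the same name still overwrite each other — the destination is
// just URL/<name>; a generated unique name would avoid that.)
$_picName = basename($_upload['name']);
$_ext = strtolower(pathinfo($_picName, PATHINFO_EXTENSION));
if ($_picName === '' || !in_array($_ext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
    echo "<script>alert('只允许上传 jpg/jpeg/png/gif 图片!');history.back();</script>";
    exit;
}
// Whatever _check_face() enforces now runs before the move, so a rejected name
// never leaves a stray file on disk.
$_clean = array();
$_clean['pic'] = _check_face($_picName);
// NOTE(review): URL reads like a web-address constant, but move_uploaded_file()
// needs a filesystem path — confirm what URL is actually defined as.
if (!move_uploaded_file($_upload['tmp_name'], URL . '/' . $_picName)) {
    echo "<script>alert('移动失败!');history.back();</script>";
    exit;
}
// Remaining form fields. isset()/null mirrors what the original @-suppressed
// reads produced for a missing field, without hiding other warnings.
$_clean['name'] = _check_username(isset($_POST['title']) ? $_POST['title'] : null, 2, 20);
// NOTE(review): material, seasoning, content and sort are interpolated into the
// INSERT below unchecked and unescaped. Unless _query() escapes its input this
// is SQL injection; route them through a validator/escaper like name and pic.
$_clean['material'] = isset($_POST['material']) ? $_POST['material'] : null;
$_clean['seasoning'] = isset($_POST['seasoning']) ? $_POST['seasoning'] : null;
$_clean['content'] = isset($_POST['content']) ? $_POST['content'] : null;
$_clean['sort'] = isset($_POST['sort']) ? $_POST['sort'] : null;
// Numeric fields are cast, which also makes them safe inside the SQL string.
$_clean['price'] = floatval(isset($_POST['price']) ? $_POST['price'] : null);
$_clean['count'] = intval(isset($_POST['count']) ? $_POST['count'] : null);
// Bug fix: the original VALUES list put the stock count in the date_time
// position and NOW() in the stock position. Values now line up with the
// column list (… price, date_time, stock).
_query("INSERT INTO tb_food (name,pic,material,seasoning,content,sort,price,date_time,stock) VALUES ("
    . "'{$_clean['name']}',"
    . "'{$_clean['pic']}',"
    . "'{$_clean['material']}',"
    . "'{$_clean['seasoning']}',"
    . "'{$_clean['content']}',"
    . "'{$_clean['sort']}',"
    . "'{$_clean['price']}',"
    . "NOW(),"
    . "'{$_clean['count']}'"
    . ")");
// Exactly one affected row means the insert succeeded; either way the
// connection is closed before redirecting back to the form.
$_inserted = (_affected_rows() == 1);
_close();
_location($_inserted ? '恭喜你,添加成功!' : '很遗憾,添加失败!', 'db_food_add.php');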