// Resolve to an absolute path; including via a hard path is faster.
require dirname(__FILE__) . '/includes/common.inc.php';

// Modify profile (action=modify).
if (isset($_GET['action']) && $_GET['action'] == 'modify') {
    // Guard against malicious registration and cross-site attacks: the submitted
    // captcha code must match the one stored in the session.
    _check_code($_POST['code'], $_SESSION['code']);
    // NOTE: the variable interpolated into the username condition was redacted in
    // this copy ('******'), so the line is not valid PHP as shown. The query is
    // built by string interpolation, so it relies on that value already being
    // safe for SQL — confirm against the source of the value, or use a prepared
    // statement.
    if (!!($_rows = _fetch_array("select tg_uniqid from tg_user where tg_username='******'username']}' limit 1"))) {
        // Guard against cookie forgery: the unique identifier (uniqid()) stored
        // for this user must also match the one presented in the cookie.
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        // Include the validation functions.
        include ROOT_PATH . 'includes/check.func.php';
        // Empty array to hold the validated submitted data.
        $_clean = array();
        $_clean['password'] = _check_modify_password($_POST['password'], 6);
        $_clean['sex'] = _check_sex($_POST['sex']);
        $_clean['face'] = _check_face($_POST['face']);
        $_clean['email'] = _check_email($_POST['email'], 5, 40);
        $_clean['qq'] = _check_qq($_POST['qq']);
        $_clean['url'] = _check_url($_POST['url'], 40);
        // NOTE(review): unlike every other field, 'switch' is copied straight from
        // $_POST with no _check_* validator and is then interpolated into the
        // UPDATE below; it should be validated like the others.
        $_clean['switch'] = $_POST['switch'];
        $_clean['autograph'] = _check_autograph($_POST['autograph'], 200);
        // Update the profile. An empty (validated) password means "keep the
        // current password", so tg_password is left out of the UPDATE in that
        // case. Both queries are built by interpolation; the _check_* helpers
        // are not visible here, so whether they escape for SQL cannot be
        // confirmed from this file.
        if (empty($_clean['password'])) {
            _query("update tg_user set \n\t\t\t\t\t\t\t\t\t\t\ttg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_qq='{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}'\n\t\t\t\t\t\t\t\t\t\t");
        } else {
            _query("update tg_user set 
\n\t\t\t\t\t\t\t\t\t\t\ttg_password='******'password']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_qq='{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}'\n\t\t\t\t\t\t\t\t\t\t");
        }
    }
    // Check whether the update succeeded. Note this runs even when the user
    // lookup above returned no row (no UPDATE was issued in that case).
    if (_affected_rows() == 1) {
        // Close
        // NOTE: the body of this if, and the closing brace of the outer
        // action == 'modify' block, continue beyond this excerpt.
// NOTE: this excerpt starts mid-script — any enclosing submit check is not
// visible here — and appears to belong to a different page (food add) than the
// profile code preceding it in this file.
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
    // move_uploaded_file(): move the uploaded file to its new location.
    // NOTE(review): the destination is URL . '/' plus the client-supplied
    // original filename, used verbatim and written to disk before _check_face()
    // looks at that name further down; a server-generated filename with an
    // allow-listed extension, checked before the move, would be safer.
    if (!move_uploaded_file($_FILES['userfile']['tmp_name'], URL . '/' . $_FILES['userfile']['name'])) {
        // The move failed.
        echo "<script>alert('移动失败!');history.back();</script>";
        exit;
    }
} else {
    echo "<script>alert('临时文件夹下找不到上传文件!');history.back();</script>";
    exit;
}
// Store in the database.
$_clean = array();
$_clean['name'] = _check_username(@$_POST['title'], 2, 20);
$_clean['pic'] = _check_face($_FILES['userfile']['name']);
// NOTE(review): material, seasoning, content and sort are taken from $_POST
// with no validation or escaping (the @ only hides the undefined-index notice)
// and are interpolated into the INSERT below; validate/escape them like name
// and pic, or switch the INSERT to a prepared statement.
$_clean['material'] = @$_POST['material'];
$_clean['seasoning'] = @$_POST['seasoning'];
$_clean['content'] = @$_POST['content'];
$_clean['sort'] = @$_POST['sort'];
// price/count are coerced to float/int, which also neutralises them for SQL.
$_clean['price'] = floatval(@$_POST['price']);
$_clean['count'] = intval(@$_POST['count']);
$_clean['sort'] = @$_POST['sort']; // duplicate of the assignment above; redundant
// NOTE(review): the column list ends (..., price, date_time, stock) while the
// value list ends (..., price, count, NOW()), so count is written to date_time
// and NOW() to stock. Swap the last two columns (or values) so they line up.
_query("INSERT INTO\n\t\t\ttb_food (name,pic,material,seasoning,content,sort,price,date_time,stock)\n\t\tVALUES\n\t\t\t(\n\t\t\t'{$_clean['name']}',\n\t\t\t'{$_clean['pic']}',\n\t\t\t'{$_clean['material']}',\n\t\t\t'{$_clean['seasoning']}',\n\t\t\t'{$_clean['content']}',\n\t\t\t'{$_clean['sort']}',\n\t\t\t'{$_clean['price']}',\n\t\t\t'{$_clean['count']}',\n\t\t\tNOW()\n\t\t\t)\n\t\t\t\t\t");
// Report success or failure and redirect back to the add form.
if (_affected_rows() == 1) {
    _close();
    _location('恭喜你,添加成功!', 'db_food_add.php');
} else {
    _close();
    _location('很遗憾,添加失败!', 'db_food_add.php');
}