当前位置: 首页 > 图文教程 > 网络编程 > PHP > 一个模仿oso的论坛程序(之三)

PHP
PHP默认安装产生系统漏洞
ip签名探针
4.与数据库的连接
2.PHP入门
1.PHP简介
随机头像PHP版
自动跳转中英文页面
漂亮但不安全的CTB
3.从实例开始
用PHP 4.2书写安全的脚本
PHP安全配置
如何对PHP程序中的常见漏洞进行攻击
风格模板初级不完全修改教程
优化NFR之一 --MSSQL Hello Buffer Overflow
不用GD库生成当前时间的PNG格式图象的程序
用PHP调用Oracle存储过程
PHP分页显示制作详细讲解
将PHP作为Shell脚本语言使用
MVC模式的PHP实现
编写PHP的安全策略

PHP 中的 一个模仿oso的论坛程序(之三)


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-11-03   浏览: 188 ::
收藏到网摘: n/a

  程序三:readforum.php

<HTML>
<HEAD>
<TITLE> 论坛信息 </TITLE>
<link rel="STYLESHEET" type="text/css" href="fp_zhangcg.css">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="Microsoft Theme" content="none">
<meta name="Microsoft Border" content="none">
<META NAME="Generator" CONTENT="EditPlus">
<META NAME="Author" CONTENT="">
<META NAME="Keywords" CONTENT="">
<META NAME="Description" CONTENT="">
</HEAD>
<body bgcolor="#C0C0C0" background="backcolor.GIF">

<?
  include ("c:mydbheader.inc");
?>

<?php  
//完成功能:

//echo $username;
//echo $useremail;
//echo $userhttp;
//echo $forumtitle;
//echo $fouumface;
//echo $forumcontent;  
//echo $theme_id;

echo 'g_username:'.$GLOBALS["g_username"].' is ok';
$dbh = mysql_connect('localhost:3306','root','');
mysql_select_db('test');  
if (empty($readflag)) {
   $readflag = 0;
}  
if ($readflag > 0) {
   $theme_id = $readflag;
}

if (empty($theme_id)) {
   $theme_id = 0;
}  
  
//echo $username;
//echo $useremail;
//echo $userhttp;
//echo $forumtitle;
//echo $fouumface;
//echo $forumcontent;  

if (($readflag == 0) and ($theme_id == 0)) {   //增加数据
    if (empty($username)) {
       print "错误,请核对数据";
    }
     $res=mysql_query("SELECT max(id) + 1 AS rid FROM fr_t_forumtitle",$dbh);   
    $row=mysql_fetch_array($res);
    if (empty($row["rid"])) {
       $theme_id = 1;   
    } else {
      $theme_id = $row["rid"] + 1;   
    }
    $tempstr = " insert into fr_t_forumtitle(id,state,readcount,replycount,title,";
    $tempstr = $tempstr."createman,replytime) ";
    $tempstr = $tempstr." values(".$theme_id.",'0',0,-1,'".$forumtitle."','".$username."',now());";
    $res=mysql_query($tempstr,$dbh);
}
if ($readflag == 0 ) {
    $forumcontent =  nl2br($forumcontent);
    $tempstr = " insert into fr_t_forumcontent(id,content,replyman,replyemail,";
    $tempstr = $tempstr."replyhttp,replytime,replyface)";
    $tempstr = $tempstr." values(".$theme_id.",'".$forumcontent."','".$username."','".
        $useremail."','".$userhttp."',now(),".$forumface.");";
    $res=mysql_query($tempstr,$dbh);
    $tempstr = " update fr_t_forumtitle set readcount = readcount +1,replycount = replycount + 1,";
    $tempstr = $tempstr."replytime = now(),replyman ='".$username."' where id=".$theme_id;  
    $res=mysql_query($tempstr,$dbh);
} else {
    $tempstr = " update fr_t_forumtitle set readcount = readcount +1 where id =".$theme_id;
    $res=mysql_query($tempstr,$dbh);
}
?&g