How to use the PHP form submission program safely Page 1/2_PHP Tutorial

It is used to display error messages and success messages. In fact, it can also directly echo out error messages. Here I just want my error message page to be more beautiful, so I define a function for page output.

Copy code The code is as follows:

// savecomment.php// Don’t read it yet Note, after reading this article, go back and read
require ("config.php");
mysql_connect($servername,$dbusername,$dbpassword) or die ("Database connection failed");
$name=$_POST['name'];
$content=$_POST['content'];
$blogid=$_POST['blogid'];
$datearray=getdate(time( ));
$date=date("Y-m-d h:i:s",$datearray[0]);
if (!empty($name) && !empty($content)){ //Use the empty function to determine if the form is not empty, then go down.                                                                                                                                                                    .
error("The name exceeds 20 bytes (20 English or 10 Chinese characters)
");
error(“Hidden data has been illegally modified, please return
”);
    }  
//Since $blogid will be put into select later, this variable is used to mark comments Which article does it belong to? It is of type int. Although it is a hidden variable, an attacker can also modify the remote submission locally, so we need to check the type before putting it in the select.
$blogsql = "Select * FROM $comment_table Where blogid=$blogid"
$blogresult = mysql_db_query($dbname, $blogsql);
$blog = mysql_fetch_array($blogresult);                                   
if( strlen($name) == strlen($blog[name]) && strlen($content) == strlen($blog[content])){                                                                                                                          It may be the same, but if both are the same, the probability of occurrence is quite small under normal circumstances, so use && to judge at the same time.                                                                                                                                                          For more detailed instructions, please see later in the article. && Less than 2 minutes
”);  
} else {  $content','$blogid')"                                                                                                                                                   🎜>succeed("Comment submitted successfully
");                                                🎜>?>


The above is a file that records comment data. The form is as follows:



Copy code

The code is as follows:

Your name:
Comment content:

http://www.bkjia.com/PHPjc/319224.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/319224.htmlTechArticle is used to display error messages and success messages. In fact, you can also echo error messages directly. Here I just want to The error message page is more beautiful. It just defines a function for page output. ...