Home >Backend Development >PHP Tutorial >How to use the PHP form submission program safely Page 1/2_PHP Tutorial

How to use the PHP form submission program safely Page 1/2_PHP Tutorial

WBOY
WBOYOriginal
2016-07-21 15:51:19825browse

It is used to display error messages and success messages. In fact, it can also directly echo out error messages. Here I just want my error message page to be more beautiful, so I define a function for page output.

Copy code The code is as follows:

// savecomment.php// Don’t read it yet Note, after reading this article, go back and read
require ("config.php");
mysql_connect($servername,$dbusername,$dbpassword) or die ("Database connection failed");
$name=$_POST['name'];
$content=$_POST['content'];
$blogid=$_POST['blogid'];
$datearray=getdate(time( ));
$date=date("Y-m-d h:i:s",$datearray[0]);
if (!empty($name) && !empty($content)){ //Use the empty function to determine if the form is not empty, then go down.                                                                                                                                                                    .
error("The name exceeds 20 bytes (20 English or 10 Chinese characters)
");
error(“Hidden data has been illegally modified, please return
”);
    }  
//Since $blogid will be put into select later, this variable is used to mark comments Which article does it belong to? It is of type int. Although it is a hidden variable, an attacker can also modify the remote submission locally, so we need to check the type before putting it in the select.
$blogsql = "Select * FROM $comment_table Where blogid=$blogid"
$blogresult = mysql_db_query($dbname, $blogsql);
$blog = mysql_fetch_array($blogresult);                                   
if( strlen($name) == strlen($blog[name]) && strlen($content) == strlen($blog[content])){                                                                                                                          It may be the same, but if both are the same, the probability of occurrence is quite small under normal circumstances, so use && to judge at the same time.                                                                                                                                                          For more detailed instructions, please see later in the article. && Less than 2 minutes
”);  
} else {  $content','$blogid')"                                                                                                                                                   🎜>succeed("Comment submitted successfully
");                                                🎜>?>


The above is a file that records comment data. The form is as follows:



Copy code

The code is as follows:



Your name:
Comment content:


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/319224.htmlTechArticle is used to display error messages and success messages. In fact, you can also echo error messages directly. Here I just want to The error message page is more beautiful. It just defines a function for page output. ...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn