1、参照之前的(mvc框架总结)将整体框架定下来之后,那么请求默认参数将变为:
https://www.gxlcms.com///https://www.gxlcms.com/默认请求首页:
https://www.gxlcms.com///https://www.gxlcms.com/P=front
https://www.gxlcms.com///https://www.gxlcms.com/C=fIndex
https://www.gxlcms.com///https://www.gxlcms.com/A=show
1.1 找到控制器fIndexController下的动作:
https://www.gxlcms.com///https://www.gxlcms.com/首页展示动作
https://www.gxlcms.com/publichttps://www.gxlcms.com/ function showAction()
{
https://www.gxlcms.com///https://www.gxlcms.com/防止恶意调用
$https://www.gxlcms.com/this->https://www.gxlcms.com/checkAuthority();
https://www.gxlcms.com///https://www.gxlcms.com/不需要具体模型,直接载入模版
require CUR_VIE_PATH.https://www.gxlcms.com/'https://www.gxlcms.com/index.htmlhttps://www.gxlcms.com/'https://www.gxlcms.com/;
}
2、防止恶意调用这一块放于我们的Controller层面,所有模型几乎都要用到,因此将其放于基础模型,、
https://www.gxlcms.com//*https://www.gxlcms.com/
* 防止恶意调用方法,适用于全部方法
https://www.gxlcms.com/*/
https://www.gxlcms.com/protectedhttps://www.gxlcms.com/ function checkAuthority()
{
https://www.gxlcms.com/if(!defined(https://www.gxlcms.com/'https://www.gxlcms.com/IN_NGhttps://www.gxlcms.com/'https://www.gxlcms.com/))
{
exit(https://www.gxlcms.com/"https://www.gxlcms.com/you no authorityhttps://www.gxlcms.com/"https://www.gxlcms.com/);
}
}
随时调用该方法
3、拒绝php低版本,由于总是在运行,所以直接放入初始文件Framework.class.php
4.1将 CSS做成包含文件
每个页面都要导入CSS,着实麻烦,我们定一个文件title.inc.html。
但是每个页面却有一个不相同的CSS,那么可以定义一个常量来证明本页。
define('SCRIPT','index');
Your Title
php
require https://www.gxlcms.com/'https://www.gxlcms.com/application/view/front/title.inc.htmlhttps://www.gxlcms.com/'
?>
其中title.inc.html代码
"https://www.gxlcms.com/shortcut iconhttps://www.gxlcms.com/" href=https://www.gxlcms.com/"https://www.gxlcms.com/favicon.icohttps://www.gxlcms.com/" />
"https://www.gxlcms.com/stylesheethttps://www.gxlcms.com/" type=https://www.gxlcms.com/"https://www.gxlcms.com/text/csshttps://www.gxlcms.com/" href=https://www.gxlcms.com/"https://www.gxlcms.com/public/front/css/1/basic.csshttps://www.gxlcms.com/" />
"https://www.gxlcms.com/stylesheethttps://www.gxlcms.com/" type=https://www.gxlcms.com/"https://www.gxlcms.com/text/csshttps://www.gxlcms.com/" href=https://www.gxlcms.com/"https://www.gxlcms.com/public/front/css/1/.csshttps://www.gxlcms.com/" />
5.2 创建注册页面register.html
https://www.gxlcms.com/参数请求为:
请求注册页
P=https://www.gxlcms.com/front
C=https://www.gxlcms.com/fRegister
A=show
代码为:
"https://www.gxlcms.com/registerhttps://www.gxlcms.com/">
会员注册
5.3点击头像弹出选择头像框:
"https://www.gxlcms.com/public/front/face/m01.gifhttps://www.gxlcms.com/" alt=https://www.gxlcms.com/"https://www.gxlcms.com/头像选择https://www.gxlcms.com/"https://www.gxlcms.com/
onclick=https://www.gxlcms.com/"https://www.gxlcms.com/javascript:window.open('face.php','face','width=400,height=400,top=0,left=0')https://www.gxlcms.com/" />
这个页面存放着64 张头像页面,可以通过数组循环的方式罗列出来
foreach (range(https://www.gxlcms.com/1,https://www.gxlcms.com/9) https://www.gxlcms.com/as $number) {?>
"https://www.gxlcms.com/face/m0.gifhttps://www.gxlcms.com/" />
6.提交数据
将数据提交到本页,必须做一个名值对,用来判断是否提交了数据。
?action=https://www.gxlcms.com/register
也可以设计一个隐藏字段来做名值对
input
type=https://www.gxlcms.com/"https://www.gxlcms.com/hiddenhttps://www.gxlcms.com/"https://www.gxlcms.com/
name=https://www.gxlcms.com/"https://www.gxlcms.com/actionhttps://www.gxlcms.com/"https://www.gxlcms.com/
value=https://www.gxlcms.com/"https://www.gxlcms.com/registerhttps://www.gxlcms.com/"
/>
6.1核对验证码
验证码的用途是为了防止恶意注册和一些表单伪造跨站攻击等。
验证码里保存在session 里面,可以判断是否是当前表单提交,而刷新一次后验证码随
即变化,又可以防止多次恶意注册。
https://www.gxlcms.com/if (!($_POST[https://www.gxlcms.com/'https://www.gxlcms.com/yzmhttps://www.gxlcms.com/'] == $_SESSION[https://www.gxlcms.com/'https://www.gxlcms.com/codehttps://www.gxlcms.com/'https://www.gxlcms.com/])) {
_alert_back(https://www.gxlcms.com/'https://www.gxlcms.com/验证码有误,请重新输入!https://www.gxlcms.com/'https://www.gxlcms.com/);
}
6.2.接受数据
https://www.gxlcms.com/设计变量,将数据提交出来赋值给变量
$_username
=https://www.gxlcms.com/
$_POST[https://www.gxlcms.com/'https://www.gxlcms.com/usernamehttps://www.gxlcms.com/'https://www.gxlcms.com/];
也可以通过一个数组来存放提交过来的值
$_clean
=https://www.gxlcms.com/
array();
$_clean[https://www.gxlcms.com/'https://www.gxlcms.com/usernamehttps://www.gxlcms.com/'https://www.gxlcms.com/]
=https://www.gxlcms.com/
$_POST[https://www.gxlcms.com/'https://www.gxlcms.com/usernamehttps://www.gxlcms.com/']
6.3各种限制与过滤
https://www.gxlcms.com/1.首先,必须去掉两边的空格
$_string = trim($_string);
https://www.gxlcms.com/2.其次长度限制
https://www.gxlcms.com/if (mb_strlen($_string,https://www.gxlcms.com/'https://www.gxlcms.com/utf-8https://www.gxlcms.com/') < $_min_num || mb_strlen($_string,https://www.gxlcms.com/'https://www.gxlcms.com/utf-8https://www.gxlcms.com/') > $_max_num)
https://www.gxlcms.com/3.敏感字符限制
$_char_pattern = https://www.gxlcms.com/'https://www.gxlcms.com//[<>\'\"\ \ ]/https://www.gxlcms.com/'https://www.gxlcms.com/;
https://www.gxlcms.com/if (preg_match($_char_pattern,$_string)) {}
https://www.gxlcms.com/4.敏感用户名限制
$_mg[https://www.gxlcms.com/0] = https://www.gxlcms.com/'https://www.gxlcms.com/22https://www.gxlcms.com/'https://www.gxlcms.com/;
$_mg[https://www.gxlcms.com/1] = https://www.gxlcms.com/'https://www.gxlcms.com/11https://www.gxlcms.com/'https://www.gxlcms.com/;
$_mg[https://www.gxlcms.com/2] = https://www.gxlcms.com/'https://www.gxlcms.com/33https://www.gxlcms.com/'https://www.gxlcms.com/;
https://www.gxlcms.com/foreach ($_mg https://www.gxlcms.com/ashttps://www.gxlcms.com/ $value) {
$_mg_string .= https://www.gxlcms.com/'https://www.gxlcms.com/[https://www.gxlcms.com/'.$value.https://www.gxlcms.com/'https://www.gxlcms.com/]https://www.gxlcms.com/'.https://www.gxlcms.com/'https://www.gxlcms.com/\nhttps://www.gxlcms.com/'https://www.gxlcms.com/;
}
https://www.gxlcms.com/ifhttps://www.gxlcms.com/ (in_array($_string,$_mg)) {
_alert_back($_mg_string.https://www.gxlcms.com/'https://www.gxlcms.com/以上敏感用户名不得注册!https://www.gxlcms.com/'https://www.gxlcms.com/);
}
https://www.gxlcms.com/5.转义输入,有效防止SQL 注入问题
https://www.gxlcms.com///https://www.gxlcms.com/mysql_escape_string();
https://www.gxlcms.com///https://www.gxlcms.com/addslashes()
https://www.gxlcms.com/return mysql_real_escape_string($_string); https://www.gxlcms.com///https://www.gxlcms.com/这个mysql_是需要连接数据库的
以上就介绍了php留言系统(2),包括了方面的内容,希望对PHP教程有兴趣的朋友有所帮助。
