
PHP guestbook system (2)

Time: 2021-07-01 10:21:17 Helped: 6 readers

1. With the overall framework settled as described in the earlier "MVC framework summary", the default request parameters become:

    // Default request: the home page
    P=front
    C=fIndex
    A=show

1.1 Find the action under the controller fIndexController:

    // Home page display action
    public function showAction()
    {
        // Guard against malicious calls
        $this->checkAuthority();
        // No specific model is needed; load the template directly
        require CUR_VIE_PATH . 'index.html';
    }

2. The guard against malicious calls sits at our Controller level. Almost every model needs it, so it is placed in the base model.

    /*
     * Guard against malicious calls; applies to all methods
     */
    protected function checkAuthority()
    {
        if (!defined('IN_NG'))
        {
            exit("you no authority");
        }
    }

Call this method whenever it is needed.

3. Reject old PHP versions. Because this check always runs, put it directly in the initial file Framework.class.php.

4.1 Turn the CSS into an include file

Importing the CSS on every page is tedious, so we define one file, title.inc.html.

Each page, however, also has one CSS file of its own, so we can define a constant that identifies the current page.

    define('SCRIPT','index');

    <title>Your Title</title>
    <?php
        require 'application/view/front/title.inc.html';
    ?>

The code of title.inc.html:

    <link rel="shortcut icon" href="favicon.ico" />
    <link rel="stylesheet" type="text/css" href="public/front/css/1/basic.css" />
    <link rel="stylesheet" type="text/css" href="public/front/css/1/<?php echo SCRIPT; ?>.css" />

5.2 Create the registration page register.html

    Request parameters:
    Request the registration page
        P=front
        C=fRegister
        A=show

The code is:

    "register">

    Member registration

5.3 Clicking the avatar pops up the avatar selection window:

    <img src="public/front/face/m01.gif" alt="头像选择"
         onclick="javascript:window.open('face.php','face','width=400,height=400,top=0,left=0')" />

This page holds 64 avatars, which can be listed by looping over an array.

    <?php foreach (range(1, 9) as $number) { ?>
    <img src="face/m0<?php echo $number; ?>.gif" />
    <?php } ?>

6. Submitting the data
The data is submitted to this same page, so a name-value pair is required to tell whether data has been submitted.

    ?action=register

A hidden field can also be used as the name-value pair:

    <input type="hidden" name="action" value="register" />

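6.1 Check the verification code
The verification code (CAPTCHA) is there to prevent malicious registration and some cross-site form-forgery attacks.
The code is stored in the session, which makes it possible to tell whether the submission came from the current form. Because the code changes as soon as the page is refreshed, it also prevents repeated malicious registrations.

    // Both values must exist and match exactly; a loose == would accept '' against an unset session value
    if (!isset($_POST['yzm'], $_SESSION['code']) || !is_string($_POST['yzm'])
        || !hash_equals((string) $_SESSION['code'], $_POST['yzm'])) {
        _alert_back('验证码有误,请重新输入!'); // "Wrong verification code, please enter it again!"
    }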
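
The check above as an added example (not code from the original tutorial): verify_captcha() is a hypothetical helper that compares the submitted code with the session copy and discards that copy after every attempt, so sending the same form again cannot reuse a code. The two arrays are constructed stand-ins for $_SESSION and $_POST.

```php
<?php
// Added example: verify_captcha() is hypothetical; 'yzm' and 'code' are the page's keys.

/**
 * Checks the submitted code against the session and consumes it, so each
 * issued code can be tried exactly once, whether the attempt succeeds or not.
 */
function verify_captcha(array &$session, array $post): bool
{
    $expected = isset($session['code']) ? (string) $session['code'] : '';
    unset($session['code']);                 // single use: a resent POST finds nothing to match

    $given = $post['yzm'] ?? null;
    if ($expected === '' || !is_string($given)) {
        return false;                        // no code was issued, or the field is missing / not a string
    }
    return hash_equals($expected, $given);   // exact, type-safe comparison
}

// Constructed session and requests.
$session = ['code' => 'k7Qp'];
var_dump(verify_captcha($session, ['yzm' => 'k7Qp']));   // first submission of the form
var_dump(verify_captcha($session, ['yzm' => 'k7Qp']));   // the same request sent a second time
$session = [];                                           // no code in the session at all
var_dump(verify_captcha($session, ['yzm' => '']));       // empty field against an unset value
```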

6.2 Receiving the data

Declare a variable and assign the submitted data to it:

    $_username = $_POST['username'];

The submitted values can also be kept in an array:

    $_clean = array();
    $_clean['username'] = $_POST['username'];

6.3 Restrictions and filtering

    // 1. First, the whitespace on both sides must be removed
    $_string = trim($_string);

    // 2. Next, the length limit
    if (mb_strlen($_string, 'utf-8') < $_min_num || mb_strlen($_string, 'utf-8') > $_max_num) {}

    // 3. Sensitive-character restriction
    $_char_pattern = '/[<>\'\"\ \ ]/';
    if (preg_match($_char_pattern, $_string)) {}

    // 4. Sensitive-username restriction
    $_mg[0] = '22';
    $_mg[1] = '11';
    $_mg[2] = '33';
    $_mg_string = ''; // initialise before appending
    foreach ($_mg as $value) {
        // '\n' stays a literal backslash-n here; it is passed on inside the alert message
        $_mg_string .= '[' . $value . ']' . '\n';
    }
    if (in_array($_string, $_mg)) {
        _alert_back($_mg_string . '以上敏感用户名不得注册!'); // "The sensitive usernames above may not be registered!"
    }

    // 5. Escape the input, which effectively prevents SQL injection problems
    // mysql_escape_string();
    // addslashes()
    return mysql_real_escape_string($_string); // this mysql_ function needs a database connection
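
Steps 1 to 4 above combined into one function, with step 5 done through a PDO prepared statement instead of escaping, since mysql_real_escape_string() and the rest of the mysql_* extension were removed in PHP 7.0. This is an added example, not the tutorial's code; check_username(), save_user(), the length limits, the sample inputs and the in-memory SQLite table are assumptions.

```php
<?php
// Added example: hypothetical helper names; limits and inputs are constructed sample values.

/** Returns [cleanValue, null] on success or [null, errorMessage] on failure. */
function check_username(string $raw, int $min = 2, int $max = 20): array
{
    $blocked = ['22', '11', '33'];             // the page's sample blocklist
    $value = trim($raw);                        // 1. strip surrounding whitespace
    $len = mb_strlen($value, 'utf-8');          // 2. length in characters, not bytes
    if ($len < $min || $len > $max) {
        return [null, "length must be $min-$max characters"];
    }
    // 3. preg_match() returns false on invalid UTF-8; "!== 0" rejects that case as well
    if (preg_match('/[<>\'"\s]/u', $value) !== 0) {
        return [null, 'contains a forbidden character'];
    }
    if (in_array($value, $blocked, true)) {     // 4. reserved names, strict comparison
        return [null, 'reserved username'];
    }
    return [$value, null];
}

/** 5. Store through a bound parameter: the value never becomes part of the SQL text. */
function save_user(PDO $db, string $username): void
{
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (:u)');
    $stmt->execute([':u' => $username]);
}

$db = new PDO('sqlite::memory:');               // assumption: the pdo_sqlite driver is installed
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT NOT NULL)');

// Constructed sample inputs.
foreach (['  alice  ', 'x', 'bob<script>', '22', "o'brien"] as $raw) {
    [$clean, $err] = check_username($raw);
    if ($err === null) {
        save_user($db, $clean);
    }
    printf("%-14s => %s\n", var_export($raw, true), $err ?? "stored as '$clean'");
}

// A value that never went through check_username() is still stored as plain data.
save_user($db, "o'brien");
print_r($db->query('SELECT username FROM users')->fetchAll(PDO::FETCH_COLUMN));
```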
