As mentioned in the previous article, the form in story.php submits to story_submit.php, so let's take a look at how story_submit.php completes the post.
As usual, the code first:
```php
<?php
# add/modify story record
include_once('include_fns.php');

$handle = db_connect();

$headline = $_REQUEST['headline'];   // used in the SQL below without escaping
$page = $_REQUEST['page'];           // used in the SQL below without escaping
$time = time();

if (isset($_FILES['html']['name'])
    && (dirname($_FILES['html']['type']) == 'text')
    && is_uploaded_file($_FILES['html']['tmp_name'])) {
    // if the user uploaded a file, use its content as the story text
    $story_text = file_get_contents($_FILES['html']['tmp_name']);
} else {
    $story_text = $_REQUEST['story_text'];
}

$story_text = addslashes($story_text);

if (isset($_REQUEST['story']) && $_REQUEST['story'] != '') {
    # it's an update
    $story = $_REQUEST['story'];     // placed in the query unquoted
    $query = "update stories
              set headline = '$headline',
                  story_text = '$story_text',
                  page = '$page',
                  modified = $time
              where id = $story";
} else {
    // it's a new story
    $query = "insert into stories
                (headline, story_text, page, writer, created, modified)
              values
                ('$headline', '$story_text', '$page',
                 '" . $_SESSION['auth_user'] . "',
                 $time, $time)";
}

$result = mysql_query($query);

if (!$result) {
    # Code...
    echo "There is a database error when executing <pre>$query</pre>";
    echo mysql_error();
    exit;
}

if (isset($_FILES['picture']['name'])
    && is_uploaded_file($_FILES['picture']['tmp_name'])) {
    # there is an uploaded picture
    if (!isset($_REQUEST['story']) || $_REQUEST['story'] == '') {
        $story = mysql_insert_id($handle); // auto-generated ID used in the last query
    }
    $type = basename($_FILES['picture']['type']); // type as reported by the client
    switch ($type) {
        case 'jpeg':
        case 'pjpeg':
        case 'png':
        case 'jpg':
            $filename = "images/$story.jpg";
            move_uploaded_file($_FILES['picture']['tmp_name'], '../' . $filename);
            $query = "update stories set picture = '$filename' where id = $story";
            $result = mysql_query($query);
            break;
        default:
            echo 'Invalid picture format: ' . $_FILES['picture']['type'];
            break;
    }
} else {
    // there is no image file to upload, or the file's info was not received
    echo 'Possible file upload attack: ';
    echo "filename '" . $_FILES['picture']['tmp_name'] . "'.";
}

# Redirect back to the page named by the hidden 'destination' form field.
# The value is used as submitted, so the request decides where the browser
# is sent. header() also cannot send the redirect once something has been
# echoed above (unless output buffering is enabled), so it only takes
# effect when none of the branches above has printed a message.
header('Location: ' . $_REQUEST['destination']);
?>
```
Let's go through the code as a whole:
Lines 7 and 8
Both of these variables ($headline and $page) are parameters obtained from the form submitted by story.php on the previous page.
Line 9
The time function returns a timestamp.
Lines 11-18
This part of the code gets the contents of the uploaded HTML file.
Line 20
This line uses addslashes, a PHP function for preparing text before it is sent to the database. It puts a backslash (\) in front of certain special characters: the single quote ('), the double quote ("), NUL and the backslash (\) itself.
For example:
Then, while searching for this function, I found another way: mysql_escape_string.
Lines 22-39
Depending on whether a story parameter was passed in, the code decides whether this is an update or a newly added story, as we have mentioned before.
Lines 50-75
These are the standard PHP file upload steps, which are worth trying to remember.
Note that line 54 (the mysql_insert_id call) gets the ID generated by the auto-increment sequence.
Finally, line 82
As mentioned in the last blog post, the form submits two hidden parameters. One of them is destination, which is in fact the writer.php page.
Well, basically there's nothing particularly difficult about this page.
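The addslashes step and the update/insert branch described above, redone with PDO prepared statements as an added example (not the tutorial's or the original author's code). save_story is a hypothetical helper, and an in-memory SQLite database stands in for the MySQL stories table so the script runs on its own.

```php
<?php
// Added example, not the tutorial's code. Assumes the pdo_sqlite extension;
// the in-memory table mirrors the columns story_submit.php writes to.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stories (id INTEGER PRIMARY KEY AUTOINCREMENT,
    headline TEXT, story_text TEXT, page TEXT, writer TEXT,
    created INTEGER, modified INTEGER)');

// Hypothetical helper: $in stands in for $_REQUEST, $writer for
// $_SESSION['auth_user']. Returns the id of the saved story.
function save_story(PDO $db, array $in, string $writer): int
{
    $time = time();
    $story = (string)($in['story'] ?? '');
    if ($story !== '') {
        // An update: the id must be a plain run of digits before it is used.
        if (!ctype_digit($story)) {
            throw new InvalidArgumentException('story id must be numeric');
        }
        $stmt = $db->prepare('UPDATE stories SET headline = :h, story_text = :t,
            page = :p, modified = :m WHERE id = :id');
        $stmt->execute([':h' => $in['headline'], ':t' => $in['story_text'],
            ':p' => $in['page'], ':m' => $time, ':id' => (int)$story]);
        return (int)$story;
    }
    // A new story: every value travels as a bound parameter, so quotes and
    // backslashes in the text need no addslashes() and stay unmodified.
    $stmt = $db->prepare('INSERT INTO stories
        (headline, story_text, page, writer, created, modified)
        VALUES (:h, :t, :p, :w, :c, :m)');
    $stmt->execute([':h' => $in['headline'], ':t' => $in['story_text'],
        ':p' => $in['page'], ':w' => $writer, ':c' => $time, ':m' => $time]);
    return (int)$db->lastInsertId();
}

// Constructed sample input.
$id = save_story($db, ['headline' => "Writer's \"first\" story",
    'story_text' => "a back\\slash and a 'quote'", 'page' => 'news'], 'writer1');
save_story($db, ['story' => (string)$id, 'headline' => "Writer's edited story",
    'story_text' => 'new text', 'page' => 'news'], 'writer1');
try {
    save_story($db, ['story' => '12abc', 'headline' => 'x',
        'story_text' => 'x', 'page' => 'news'], 'writer1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
print_r($db->query('SELECT id, headline, story_text FROM stories')
    ->fetchAll(PDO::FETCH_ASSOC));
```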
Next, let's look at the simpler delete_story.php.
It uses the check_permission function to determine whether the current user has permission to modify the article and, if so, deletes the current article.
check_permission is in the user_auth_fns.php file.
OK, we have now finished the parts that modify and add articles. In the next blog post, we will introduce the 3 files related to publishing.
Step by step teach you to build a website with php+mysql no.5 picture upload, story delete