Step by step teach you to build a website with php+mysql no.5 picture upload, story delete

As mentioned in the previous article, the page after the form was submitted in story.php is story_submit.php, so let's take a look at how story_submit.php finished the post.

In the old way, the code first:

<?php# add/modify Story recordinclude_once (' include_fns.php '); $handle = Db_connect (); $headline = $_request[' Headline ']; $page = $_request[' page '); $time = time (); if (Isset ($_files[' HTML ' [' name ']) && (dirname ($_files[')  HTML ' [' type ']) = = ' text ') &&is_uploaded_file ($_files[' HTML ' [' Tmp_name ']))) {//if user upload some FILES, then Set the content of the files as the Story_text$story_text = file_get_contents ($_files[' HTML ' [' Tmp_name ']);} else{$story _text = $_request[' Story_text ');} $story _text = addslashes ($story _text); if (Isset ($_request[' story ") && $_request[' story ']!= ') {# it ' s an    Update$story = $_request[' story ']; $query = "Update stories set headline = ' $headline ', Story_text = ' $story _text ', page = ' $page ', modified = $time where id = $story ";} else{//it ' s a new story$query = "INSERT into stories (headline,story_text,page,writer,created,modified) VALUES (' $head Line ', ' $story _text ', ' $page ', ' ". $_session[' Auth_User ']." ', $time, $time) ";} $result = mysql_query ($query), if (! $result) {# Code...echo "There is a database error when executing <pre> $query </pre& gt; "; Echo Mysql_error (); exit; }if ((Isset ($_files[' picture '] [' name ']) && is_uploaded_file ($_files[' picture '] [' tmp_name ']))) {# there Uploaded Pictureif (!isset ($_request[' story ") | | $_request[' story ']== ') {$story = mysql_insert_id ($handle);//Mysql_  INSERT_ID return the auto generated ID used in the last query} $type = basename ($_files[' picture '] [' type ']); switch ($type) {case ' JPEG ': Case ' pjpeg ': Case ' png ': case ' jpg ': $filename = ' images/$story. jpg ', move_uploaded_file ($_files[' picture ') [' Tmp_name '], '. /'. $filename); $query = "Update stories set picture = ' $filename ' WHERE id = $story"; $result = mysql_query ($query); ;d efault:echo ' Invalid picture format: '. $_files[' picture ' [' type '];break;}} else{//There is no image file to upload or didn ' t get the file ' s Infoecho ' Possible file upload attack: '; echo ' filename ' ". $_files[' picture '] [' tmp_name ']." '. ";} HEader (' Location: '. $_request[' destination ');? >

let's go through the code as a whole:

7th, line 8

Both of these variables are the parameters obtained from the story.php submission Form on the previous page

Line 9th

The time function returns a timestamp

11-18 rows

This part of the code returns the contents of the uploaded HTML file

Line 20th

Here is the use of PHP to send text content to the database of a function:addslashes, the role of some specific symbols preceded by a/symbol, a specific symbol has ', ', nul, \ , ETC.,

For example:

And then I was searching for this function, and found another way to mysql_escape_string,

22-39 rows

According to the parameters passed in, there is no story to determine whether it is an update or a newly added story, which we have mentioned before.

50-75 rows

is the standard PHP upload file steps, you can try to remember

Note that line 54th is the next field that gets the self-increment sequence

Last line 82nd

We have mentioned in the last blog, in the form submitted two hidden parameters, one of which is destination, in fact, is writer.php page.

Well, basically there's nothing particularly difficult about this page.

We're looking at a simpler delete_story.php .

Use the check_permission function to determine whether the current user has permission to modify, and if so, to delete the current article.

Check_permission is in the user_auth_fns.php file

OK, the article changes and the new section we all finished, the next blog, we introduce publish related 3 files

Step by step teach you to build a website with php+mysql no.5 picture upload, story delete