实例说明制作一个php mysql留言本
<?php $hostname_conn = "localhost"; $database_conn = "test"; $username_conn = "root"; $password_conn = "1981427"; $conn = mysql_connect($hostname_conn, $username_conn, $password_conn); ?>
<?php //该函数用于将一般字符串转换成SQL语句所需要的格式 function GetSQLValueString($theValue, $theType) { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; } return $theValue; } ?>
<?php session_start(); //如果Session不存在,则跳转到Admin.php if (!(isset($_SESSION['MM_Username']))) { header("Location: admin.php"); exit; } ?>
<?php require_once('Connections/conn.php'); ?> <?php // *** Validate request to login to this site. session_start(); $loginFormAction = $_SERVER['PHP_SELF']; if (isset($accesscheck)) { $GLOBALS['PrevUrl'] = $accesscheck; session_register('PrevUrl'); } if (isset($_POST['username'])) { $loginUsername=$_POST['username']; $password=$_POST['password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "adminmain.php"; $MM_redirectLoginFailed = "admin.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_conn, $conn); $LoginRS__query=sprintf("SELECT adminname, password FROM admin WHERE adminname='%s' AND password='%s'", get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; //declare two session variables and assign them $GLOBALS['MM_Username'] = $loginUsername; $GLOBALS['MM_UserGroup'] = $loginStrGroup; //register the session variables session_register("MM_Username"); session_register("MM_UserGroup"); if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <style type="text/css"><!-- .style1 {font-size: 18px; font-weight: bold; } .style2 {font-size: 14px} --></style><style type="text/css" bogus="1">.style1 {font-size: 18px; font-weight: bold; } .style2 {font-size: 14px}</style> </head> <body> <p align="center"><span class="style1">留言板 - 管理登陆</span></p> <p align="center"><span class="style2"><a href="viewposts.php" href="viewposts.php">浏览留言</a> | <a href="newpost.php" href="newpost.php">发表留言</a></span></p> <form name="form1" method="POST" action="<?php echo $loginFormAction; ?>"> <table width="239" border="0" align="center"> <tr> <td width="73">用户名:</td> <td width="156"><input name="username" type="text" id="username"></td> </tr> <tr> <td>密码:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="提交"> <input type="reset" name="Submit2" value="重设"></td> </tr> </table> </form> <p align="center"> </p> </body> </html>
<?php require_once('Connections/conn.php'); require_once('inc/accesscheck.php'); require_once('inc/GetSQLValueString.php');?> <?php if ((isset($_GET['postid'])) && ($_GET['postid'] != "")) { $updateSQL = sprintf("UPDATE posts SET checked=1-checked WHERE postid=%s", GetSQLValueString($_GET['postid'], "int")); mysql_select_db($database_conn, $conn); $Result1 = mysql_query($updateSQL, $conn) or die(mysql_error()); $deleteGoTo = "adminmain.php"; if (isset($_SERVER['QUERY_STRING'])) { $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?"; $deleteGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $deleteGoTo)); } ?>
<?php require_once('Connections/conn.php'); require_once('inc/accesscheck.php'); require_once('inc/GetSQLValueString.php'); ?> <?php if ((isset($_GET['postid'])) && ($_GET['postid'] != "")) { $deleteSQL = sprintf("DELETE FROM posts WHERE postid=%s", GetSQLValueString($_GET['postid'], "int")); mysql_select_db($database_conn, $conn); $Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error()); $deleteGoTo = "adminmain.php"; if (isset($_SERVER['QUERY_STRING'])) { $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?"; $deleteGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $deleteGoTo)); } ?>
<?php require_once('Connections/conn.php'); require_once('inc/accesscheck.php'); require_once('inc/GetSQLValueString.php');?> <?php if ((isset($_GET['postid'])) && ($_GET['postid'] != "")) { $deleteSQL = sprintf("UPDATE posts SET replied=0, adminname='', replycontent='' WHERE postid=%s", GetSQLValueString($_GET['postid'], "int")); mysql_select_db($database_conn, $conn); $Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error()); $deleteGoTo = "adminmain.php"; if (isset($_SERVER['QUERY_STRING'])) { $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?"; $deleteGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $deleteGoTo)); } ?>
<?php require_once('Connections/conn.php'); require_once('inc/accesscheck.php'); require_once('inc/GetSQLValueString.php');?> <?php mysql_select_db($database_conn, $conn); $query_rs = "SELECT * FROM posts ORDER BY postid DESC"; $rs = mysql_query($query_rs, $conn) or die(mysql_error()); $row_rs = mysql_fetch_assoc($rs); $totalRows_rs = mysql_num_rows($rs); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <style type="text/css"><!-- .style1 {font-size: 18px; font-weight: bold; } .style2 {font-size: 14px} .style4 {font-size: 12px} .style6 {font-size: 12px; font-weight: bold; } --></style><style type="text/css" bogus="1">.style1 {font-size: 18px; font-weight: bold; } .style2 {font-size: 14px} .style4 {font-size: 12px} .style6 {font-size: 12px; font-weight: bold; }</style> </head> <body> <p align="center"><span class="style1">留言板 - 管理页面</span></p> <p align="center"><span class="style2"><a href="viewposts.php" href="viewposts.php">浏览留言</a> | <a href="newpost.php" href="newpost.php">发表留言</a> | <a href="logout.php" href="logout.php">退出登陆</a></span></p> <p align="center"> </p> <table width="623" border="1" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="91"><span class="style6">留言者用户名</span></td> <td width="210"><span class="style6">留言标题</span></td> <td width="61"> </td> <td width="61"> </td> <td width="61"> </td> <td width="62"> </td> </tr> <?php do { ?> <tr> <td><span class="style4"><?php echo $row_rs['username']; ?></span></td> <td><span class="style4"><?php echo $row_rs['topic']; if($row_rs['checked']==1) echo "(已审批)"; if($row_rs['replied']==1) echo "(已回复)"; ?></span></td> <td><p align="center"><span class="style4"><a href="adminreply.php?postid=<?php echo $row_rs['postid']; ?>">回复留言</a></span></p></td> <td><p align="center"><span class="style4"><a href="admindelpost.php?postid=<?php echo $row_rs['postid']; ?>">删除留言</a></span></p></td> <td><p align="center"><span class="style4"><a href="admindelreply.php?postid=<?php echo $row_rs['postid']; ?>">删除回复</a></span></p></td> <td><p align="center"><span class="style4"><a href="admincheckpost.php?postid=<?php echo $row_rs['postid']; ?>">审批留言</a></span></p></td> </tr> <?php } while ($row_rs = mysql_fetch_assoc($rs)); ?> </table> <p align="center"> </p> </body> </html> <?php mysql_free_result($rs); ?>
<?php require_once('Connections/conn.php'); require_once('inc/accesscheck.php'); require_once('inc/GetSQLValueString.php');?> <?php $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) { $updateSQL = sprintf("UPDATE posts SET replycontent=%s, replied=1, checked=1, adminname=%s WHERE postid=%s", GetSQLValueString($_POST['replycontent'], "text"), GetSQLValueString($_SESSION['MM_Username'], "text"), GetSQLValueString($_POST['postid'], "int")); mysql_select_db($database_conn, $conn); $Result1 = mysql_query($updateSQL, $conn) or die(mysql_error()); echo "<script type="text/javascript"><!-- alert('回复发表成功'); // --></script>"; } $colname_rs = "1"; if (isset($_GET['postid'])) { $colname_rs = (get_magic_quotes_gpc()) ? $_GET['postid'] : addslashes($_GET['postid']); } mysql_select_db($database_conn, $conn); $query_rs = sprintf("SELECT * FROM posts WHERE postid = %s", $colname_rs); $rs = mysql_query($query_rs, $conn) or die(mysql_error()); $row_rs = mysql_fetch_assoc($rs); $totalRows_rs = mysql_num_rows($rs); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <style type="text/css"><!-- .style1 {font-size: 18px; font-weight: bold; } .style2 {font-size: 14px} --></style><style type="text/css" bogus="1">.style1 {font-size: 18px; font-weight: bold; } .style2 {font-size: 14px}</style> </head> <body> <p align="center"><span class="style1">留言板 - 管理页面 - 回复留言</span></p> <p align="center"><span class="style2"><a href="adminmain.php" href="adminmain.php">管理页面</a><a href="newpost.php" href="newpost.php"></a> | <a href="logout.php" href="logout.php">退出登陆</a></span></p> <form method="post" name="form1" action="<?php echo $editFormAction; ?>"> <table align="center"> <tr valign="baseline"> <td nowrap align="right" valign="top">留言标题:</td> <td><?php echo $row_rs['topic']; ?></td> </tr> <tr valign="baseline"> <td nowrap align="right" valign="top">留言内容:</td> <td><?php echo $row_rs['content']; ?></td> </tr> <tr valign="baseline"> <td nowrap align="right" valign="top">回复内容:</td> <td> <textarea name="replycontent" cols="50" rows="5"><?php echo $row_rs['replycontent']; ?>
<?php $logoutGoTo = "admin.php"; session_start(); unset($_SESSION['MM_Username']); unset($_SESSION['MM_UserGroup']); if ($logoutGoTo != "") {header("Location: $logoutGoTo"); session_unregister('MM_Username'); session_unregister('MM_UserGroup'); exit; } ?> <?php $logoutGoTo = "admin.php"; session_start(); unset($_SESSION['MM_Username']); unset($_SESSION['MM_UserGroup']); if ($logoutGoTo != "") {header("Location: $logoutGoTo"); session_unregister('MM_Username'); session_unregister('MM_UserGroup'); exit; } ?>
<?php require_once('Connections/conn.php'); require_once('inc/GetSQLValueString.php');?> <?php $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO posts (username, topic, content) VALUES (%s, %s, %s)", GetSQLValueString($_POST['username'], "text"), GetSQLValueString($_POST['topic'], "text"), GetSQLValueString($_POST['content'], "text")); mysql_select_db($database_conn, $conn); $Result1 = mysql_query($insertSQL, $conn) or die(mysql_error()); echo "<script type="text/javascript"><!-- alert('留言发表成功'); // --></script>"; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <style type="text/css"><!-- .style1 { font-size: 18px; font-weight: bold; } .style2 {font-size: 14px} --></style><style type="text/css" bogus="1">.style1 { font-size: 18px; font-weight: bold; } .style2 {font-size: 14px}</style> </head> <body> <form method="post" name="form1" action="<?php echo $editFormAction; ?>"> <p align="center"><span class="style1">留言板 - 发表新留言</span></p> <p align="center"><span class="style2"><a href="viewposts.php" href="viewposts.php">浏览留言</a> | <a href="admin.php" href="admin.php">管理登陆</a></span></p> <table align="center"> <tr valign="baseline"> <td nowrap align="right">用户名:</td> <td><input type="text" name="username" value="" size="32"></td> </tr> <tr valign="baseline"> <td nowrap align="right">标题:</td> <td><input type="text" name="topic" value="" size="32"></td> </tr> <tr valign="baseline"> <td nowrap align="right" valign="top">留言内容:</td> <td> <textarea name="content" cols="50" rows="5"> <?php require_once('Connections/conn.php'); require_once('inc/GetSQLValueString.php');?> <?php $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO posts (username, topic, content) VALUES (%s, %s, %s)", GetSQLValueString($_POST['username'], "text"), GetSQLValueString($_POST['topic'], "text"), GetSQLValueString($_POST['content'], "text")); mysql_select_db($database_conn, $conn); $Result1 = mysql_query($insertSQL, $conn) or die(mysql_error()); echo "<script type="text/javascript"><!-- alert('留言发表成功'); // --></script>"; } ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <style type="text/css"><!-- .style1 { font-size: 18px; font-weight: bold; } .style2 {font-size: 14px} --></style><style type="text/css" bogus="1">.style1 { font-size: 18px; font-weight: bold; } .style2 {font-size: 14px}</style> </head> <body> <form method="post" name="form1" action="<?php echo $editFormAction; ?>"> <p align="center"><span class="style1">留言板 - 发表新留言</span></p> <p align="center"><span class="style2"><a href="viewposts.php" href="viewposts.php">浏览留言</a> | <a href="admin.php" href="admin.php">管理登陆</a></span></p> <table align="center"> <tr valign="baseline"> <td nowrap align="right">用户名:</td> <td><input type="text" name="username" value="" size="32"></td> </tr> <tr valign="baseline"> <td nowrap align="right">标题:</td> <td><input type="text" name="topic" value="" size="32"></td> </tr> <tr valign="baseline"> <td nowrap align="right" valign="top">留言内容:</td> <td> <textarea name="content" cols="50" rows="5">
<?php require_once('Connections/conn.php'); ?> <?php $currentPage = $_SERVER["PHP_SELF"]; $maxRows_rs = 10; $pageNum_rs = 0; if (isset($_GET['pageNum_rs'])) { $pageNum_rs = $_GET['pageNum_rs']; } $startRow_rs = $pageNum_rs * $maxRows_rs; mysql_select_db($database_conn, $conn); $query_rs = "SELECT * FROM posts WHERE checked=1 ORDER BY postid DESC"; $query_limit_rs = sprintf("%s LIMIT %d, %d", $query_rs, $startRow_rs, $maxRows_rs); $rs = mysql_query($query_limit_rs, $conn) or die(mysql_error()); $row_rs = mysql_fetch_assoc($rs); if (isset($_GET['totalRows_rs'])) { $totalRows_rs = $_GET['totalRows_rs']; } else { $all_rs = mysql_query($query_rs); $totalRows_rs = mysql_num_rows($all_rs); } $totalPages_rs = ceil($totalRows_rs/$maxRows_rs)-1; $queryString_rs = ""; if (!emptyempty($_SERVER['QUERY_STRING'])) { $params = explode("&", $_SERVER['QUERY_STRING']); $newParams = array(); foreach ($params as $param) { if (stristr($param, "pageNum_rs") == false && stristr($param, "totalRows_rs") == false) { array_push($newParams, $param); } } if (count($newParams) != 0) { $queryString_rs = "&" . htmlentities(implode("&", $newParams)); } } $queryString_rs = sprintf("&totalRows_rs=%d%s", $totalRows_rs, $queryString_rs); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <style type="text/css"><!-- .style1 { font-size: 18px; font-weight: bold; } .style2 {font-size: 14px} --></style><style type="text/css" bogus="1">.style1 { font-size: 18px; font-weight: bold; } .style2 {font-size: 14px}</style> </head> <body> <p align="center" class="style1">留言板 - 留言浏览</p> <p align="center" class="style2"><a href="newpost.php" href="newpost.php">发表留言</a> | <a href="admin.php" href="admin.php">管理登陆</a></p> <?php do { ?> <table width="500" border="1" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="116"><p align="right"><strong>用户名:</strong></p></td> <td width="378"><?php echo $row_rs['username']; ?></td> </tr> <tr> <td><p align="right"><strong>标题:</strong></p></td> <td><?php echo $row_rs['topic']; ?></td> </tr> <tr> <td><p align="right"><strong>留言内容:</strong></p></td> <td><?php echo $row_rs['content']; ?></td> </tr> <?php if($row_rs['replied']==1) { ?> <tr> <td><p align="right"><strong>回复:</strong></p></td> <td><p><?php echo $row_rs['replycontent']; ?></p> <p align="right"><strong>回复人:</strong><?php echo $row_rs['adminname']; ?></p></td> </tr> <?php } ?> </table> <br> <?php } while ($row_rs = mysql_fetch_assoc($rs)); ?> <p align="center"> <table border="0" width="50%" align="center"> <tr> <td width="23%" align="center"> <?php if ($pageNum_rs > 0) { // Show if not first page ?> <a href="<?php printf(" href="<?php printf("%s?pageNum_rs=%d%s", $currentPage, 0, $queryString_rs); ?>">首页</a> <?php } // Show if not first page ?> </td> <td width="31%" align="center"> <?php if ($pageNum_rs > 0) { // Show if not first page ?> <a href="<?php printf(" href="<?php printf("%s?pageNum_rs=%d%s", $currentPage, max(0, $pageNum_rs - 1), $queryString_rs); ?>">上一页</a> <?php } // Show if not first page ?> </td> <td width="23%" align="center"> <?php if ($pageNum_rs < $totalPages_rs) { // Show if not last page ?> <a href="<?php printf(" href="<?php printf("%s?pageNum_rs=%d%s", $currentPage, min($totalPages_rs, $pageNum_rs + 1), $queryString_rs); ?>">下一页</a> <?php } // Show if not last page ?> </td> <td width="23%" align="center"> <?php if ($pageNum_rs < $totalPages_rs) { // Show if not last page ?> <a href="<?php printf(" href="<?php printf("%s?pageNum_rs=%d%s", $currentPage, $totalPages_rs, $queryString_rs); ?>">尾页</a> <?php } // Show if not last page ?> </td> </tr> </table> </p> <p> </p> </body> </html> <?php mysql_free_result($rs); ?>