朋友写的一个简单的php音乐添加程序。
大体都很好,就是安全性不太灵光,几乎没有过滤:例如 Newmusic.php 和 showmusic.php 都把 $_POST / $_GET 的值直接拼进 SQL 语句。发出来看看吧,我琢磨下怎么改,功能还在完善中,也请路过的高手指点一二!
config.php
// MySQL connection settings. mysql.php includes this file and the ext_mysql
// constructor reads the three variables below as globals.
// NOTE(review): the credentials are hard-coded in source and the password is
// identical to the account name. Use a strong, unique password for a
// least-privilege database account, and keep this file out of version control
// and (if it currently sits there) out of the web-served directory.
$hostname = "localhost"; // database host name
$user = "music"; // database user name
$password = "music"; // database password (same as the user name: change before deployment)
?>
index.php
音乐共享系统 V1.0
搜索歌曲:
搜索类型:
歌曲名 | 专辑名 | 歌手名 | 试听 | |
&t=1>=$mydata["Mname"]?> | &t=2>=$mydata["Mzhuanji"]?> | &t=3>=$mydata["Mmname"]?> | ","=$mydata["Mid"] ?>")>试听 |
mysql.php
include "config.php";
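/**
 * Thin wrapper around the legacy ext/mysql functions (mysql_connect, mysql_query, ...).
 *
 * Security notes for maintainers:
 *  - setGetData() and NoneQuery() send the text they receive to the server as-is.
 *    The class performs no escaping, so every caller must cast numeric values and
 *    pass string values through mysql_real_escape_string() before building SQL.
 *  - ext/mysql was deprecated in PHP 5.5 and removed in PHP 7.0. The durable fix is
 *    a move to mysqli or PDO with prepared statements.
 */
class ext_mysql
{
    var $servername; // host name, copied from the global $hostname
    var $userid;     // account name, copied from the global $user
    var $userpwd;    // account password, copied from the global $password
    var $therlt;     // result of the latest setGetData() call (FALSE when the query failed)

    /**
     * PHP 4 style constructor: copies the connection settings defined in config.php.
     */
    function ext_mysql()
    {
        global $hostname, $user, $password;

        $this->servername = $hostname;
        $this->userid = $user;
        $this->userpwd = $password;
    }

    /**
     * Connects to the server, switches the connection to GBK and selects $dbname.
     *
     * @param string $dbname database to select
     * @return bool TRUE only when the connection was made AND the database was selected
     */
    function Open($dbname)
    {
        // Same guard as before: give up only when both host and user are empty.
        if ($this->servername == "" && $this->userid == "") {
            return FALSE;
        }

        $link = @mysql_connect($this->servername, $this->userid, $this->userpwd);
        if (!$link) {
            return FALSE;
        }

        // Set the charset through the client API where it exists (PHP >= 5.2.3).
        // A plain "SET NAMES" changes only the server side, so
        // mysql_real_escape_string() would not know the connection is GBK and
        // its escaping would not be reliable for multi-byte input.
        if (function_exists('mysql_set_charset')) {
            @mysql_set_charset('gbk', $link);
        } else {
            @mysql_query("SET NAMES 'GBK'", $link);
        }

        // The result of mysql_select_db() used to be ignored, so Open() reported
        // success even when the database could not be selected.
        return @mysql_select_db($dbname, $link) ? TRUE : FALSE;
    }

    /**
     * Closes the most recently opened connection.
     */
    function Close()
    {
        @mysql_close();
    }

    /**
     * Runs "select <fields> from <table> [where <condition>]" and stores the result
     * in $this->therlt.
     *
     * All three arguments are concatenated into the statement unchanged. Pass only
     * constants, integer-cast values or strings escaped with
     * mysql_real_escape_string(); never raw request data.
     *
     * @param string $fieldsname column list
     * @param string $formname   table name
     * @param string $swhere     WHERE condition without the keyword, or "" for none
     */
    function setGetData($fieldsname, $formname, $swhere)
    {
        $query_sql = "select " . $fieldsname . " from " . $formname;
        if ($swhere != "") {
            $query_sql .= " where " . $swhere;
        }
        $this->therlt = @mysql_query($query_sql);
    }

    /**
     * Frees the result set stored by setGetData().
     */
    function endset()
    {
        @mysql_free_result($this->therlt);
    }

    /**
     * Executes a statement that returns no rows (INSERT, UPDATE, DELETE).
     *
     * $sql is sent unchanged, so the caller is responsible for escaping every value in it.
     *
     * @param string $sql complete SQL statement
     * @return bool TRUE on success, FALSE on failure
     */
    function NoneQuery($sql)
    {
        return mysql_query($sql) ? TRUE : FALSE;
    }
}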
?>
Newmusic.php
添加音乐(一人辛苦,大家方便)
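// Handles the "add music" form: stores one row in the music table.
// Every request value is escaped before it is placed in the INSERT statement;
// the original concatenated $_POST straight into the SQL text.
if(isset($_POST["txtname"]))
{
    include("mysql.php");
    $mysql=@new ext_mysql();
    $re=FALSE; // stays FALSE when the connection fails, so the failure branch below runs
    if($mysql->Open("host26"))
    {
        // mysql_real_escape_string() is only reliable when the client library
        // knows the connection charset, so set GBK through the API where it exists.
        if(function_exists('mysql_set_charset'))
        {
            @mysql_set_charset('gbk');
        }
        // With magic_quotes_gpc enabled the input already carries backslashes;
        // strip them first so values are not escaped twice.
        $stripSlashes=function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        $clean=array();
        foreach(array("txtname","txtzhuanji","txtmname","txturl","ntext") as $key)
        {
            // Missing or non-string (array) fields are stored as an empty string.
            $raw=(isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
            if($stripSlashes)
            {
                $raw=stripslashes($raw);
            }
            if($key=="ntext")
            {
                // Lyrics are stored HTML-escaped with <br> line breaks, as before.
                $raw=nl2br(htmlspecialchars($raw));
            }
            $clean[$key]=mysql_real_escape_string($raw);
        }
        // NOTE(review): Mname, Mzhuanji, Mmname and Murl are stored without HTML
        // escaping, so every page that prints them must apply htmlspecialchars().
        // Murl presumably feeds a player, so consider accepting only http/https URLs.
        $addtime=@date("Y-m-d");
        $sql="insert into music(Mname,Mzhuanji,Mmname,Murl,Maddtime,Mgeci) values('";
        $sql.=$clean["txtname"]."','".$clean["txtzhuanji"]."','".$clean["txtmname"]."','";
        $sql.=$clean["txturl"]."','".$addtime."','".$clean["ntext"]."')";
        $re=$mysql->NoneQuery($sql);
        $mysql->Close();
    }
    if($re)
    {
        echo "";
    }
    else
    {
        echo "";
    }
}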
?>
search.php
// Request validation for the search page.
// "s" is the search text: it only has to be present and non-empty here.
// NOTE(review): this check does not make "s" safe. It still has to be escaped
// before it reaches SQL and before it is echoed into HTML; the query code is
// not visible in this listing.
$hasKeyword = isset($_GET["s"]) && $_GET["s"] != "";
if (!$hasKeyword) {
    die("错误的搜索参数!");
}

// "t" is the search type. The integer cast turns anything non-numeric into 0,
// which is rejected; any other integer is accepted.
$stype = (int)$_GET["t"];
if ($stype == 0) {
    die("错误的搜索参数!");
}
?>
搜索歌曲:
搜索类型:
歌曲名 | 专辑名 | 歌手名 | 试听 | |
=$mydata["Mname"] ?> | =$mydata["Mzhuanji"] ?> | =$mydata["Mmname"] ?> | ","=$mydata["Mid"] ?>")>试听 |
结果总数:=$fnum?>
showmusic.php
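// Loads one song (name and lyrics) for the player page.
if(!isset($_GET["n"]) || $_GET["n"]=="")
{
    die("错误的播放参数");
}
// "n" goes into the WHERE clause unquoted, so it is forced to an integer first.
// The original concatenated the raw request value into the SQL text.
$mid=(int)$_GET["n"];
include "mysql.php";
$mysql=@new ext_mysql();
$mysql->Open("host26");
$mysql->setGetData("*","music","Mid=" . $mid);
// therlt is FALSE when the query failed; fetch only from a real result.
$mydata=$mysql->therlt ? mysql_fetch_array($mysql->therlt) : FALSE;
// No matching row leaves both values empty instead of indexing into FALSE.
$Mname=$mydata ? $mydata["Mname"] : "";
$Mgeci=$mydata ? $mydata["Mgeci"] : "";
// NOTE(review): Mname is stored without HTML escaping by Newmusic.php, so apply
// htmlspecialchars() where it is printed (the template is not visible here).
if($mysql->therlt)
{
    $mysql->endset();
}
$mysql->Close();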
?>