朋友写的一个简单的php音乐添加程序。

大体都很好，就是安全性不太灵光。几乎米有过滤。发出来看看吧，我琢磨下怎么改，功能还在完善中，也请路过的高手指点一二！ config.php ?php //MySQL Set $hostname = localhost; //HostNmae $user = music; //userName $password = music; //UserPassWord

大体都很好，就是安全性不太灵光。几乎米有过滤。发出来看看吧，我琢磨下怎么改，功能还在完善中，也请路过的高手指点一二！

config.php

//MySQL Set
$hostname = "localhost"; //HostNmae
$user = "music"; //userName
$password = "music"; //UserPassWord
?>

---

index.php

搜索歌曲:

搜索类型:

歌曲名称
专辑名称
歌手名称

include "mysql.php";
if(!isset($_GET["page"]) || $_GET["page"] {
$PageID=1;
}
else
{
$PageID=(int) $_GET["page"];
}
if($PageID{
$UpPage=1;
}
else
{
$UpPage=$PageID-1;
}
$NextPage=$PageID+1;
$PageSize=10;
$PageUp = ($PageID - 1)*$PageSize;
$mysql=@new ext_mysql();
$mysql->Open("host26");
$mysql->setGetData("*","music limit $PageUp,$PageSize","");
while($mydata=mysql_fetch_array($mysql->therlt))
{
?>







}
$mysql->endset();
$mysql->Close();
?>

	歌曲名	专辑名	歌手名	试听
	&t=1>=$mydata["Mname"]?>	&t=2>=$mydata["Mzhuanji"]?>	&t=3>=$mydata["Mmname"]?>	","=$mydata["Mid"] ?>")>试听

---

mysql.php

include "config.php";
class ext_mysql
{
var $servername;
var $userid;
var $userpwd;
var $therlt;
function ext_mysql()
{
global $hostname;
global $user;
global $password;
$this->servername = $hostname;
$this->userid = $user;
$this->userpwd = $password;
}
function Open($dbname)
{
if($this->servername != "" || $this->userid != "")
{
$link = @mysql_connect($this->servername,$this->userid,$this->userpwd);
if($link)
{
@mysql_query("SET NAMES 'GBK'");
@mysql_select_db($dbname);
return TRUE;
}
else { return FALSE ; }
}
else { return FALSE ; }
}
function Close()
{
@mysql_close();
}
function setGetData($fieldsname,$formname,$swhere)
{
if($swhere=="")
{
$query_sql = "select " . $fieldsname . " from " . $formname;
}
else
{
$query_sql = "select " . $fieldsname . " from " . $formname . " where " . $swhere;
}
$this->therlt = @mysql_query($query_sql);
}
function endset() { @mysql_free_result($this->therlt);}
function NoneQuery($sql)
{
if(mysql_query($sql))
{
return TRUE;
}
else { return FALSE; }
}
}
?>

---

Newmusic.php

添加音乐(一人辛苦,大家方便)

歌曲名字:

歌曲专辑:

歌手姓名:

歌曲地址:

歌词:

if(isset($_POST["txtname"]))
{
include("mysql.php");
$mysql=@new ext_mysql();
$mysql->Open("host26");
$addtime=@date("Y-m-d");
$sql="insert into music(Mname,Mzhuanji,Mmname,Murl,Maddtime,Mgeci) values('";
$sql.= $_POST["txtname"]."','".$_POST["txtzhuanji"]."','".$_POST["txtmname"]."','";
$sql.=$_POST["txturl"]."','".$addtime."','".nl2br(htmlspecialchars($_POST["ntext"])). "')";
$re=$mysql->NoneQuery($sql);
$mysql->Close();
if($re)
{
echo "";
}
else
{
echo "";
}
}
?>

---

search.php

if(!isset($_GET["s"]) || $_GET["s"]=="")
{
die("错误的搜索参数!");
}
if(!$stype=(int)$_GET["t"])
{
die("错误的搜索参数!");
}
?>

搜索歌曲:

搜索类型:

歌曲名称
专辑名称
歌手名称

include "mysql.php";
$swhere = "";
switch($stype)
{
case 1:
$swhere="Mname = '" . $_GET["s"] . "'";
break;
case 2:
$swhere="Mzhuanji = '" . $_GET["s"] . "'";
break;
case 3:
$swhere="Mmname = '" . $_GET["s"] . "'";
break;
}
$mysql=@new ext_mysql();
$mysql->Open("host26");
$mysql->setGetData("*","music",$swhere);
if(!$fnum=@mysql_num_rows($mysql->therlt))
{
echo "没有找到相关信息..请返回重新搜索!";
$mysql->endset();
$mysql->Close();
return;
}
while($mydata=mysql_fetch_array($mysql->therlt))
{
?>







}
$mysql->endset();
$mysql->Close();
?>

	歌曲名	专辑名	歌手名	试听
	=$mydata["Mname"] ?>	=$mydata["Mzhuanji"] ?>	=$mydata["Mmname"] ?>	","=$mydata["Mid"] ?>")>试听

---

showmusic.php

if(!isset($_GET["n"]) || $_GET["n"]=="")
{
die("错误的播放参数");
}
include "mysql.php";
$mysql=@new ext_mysql();
$mysql->Open("host26");
$mysql->setGetData("*","music","Mid=" . $_GET["n"]);
$mydata=mysql_fetch_array($mysql->therlt);
$Mname=$mydata["Mname"];
$Mgeci=$mydata["Mgeci"];
$mysql->endset();
$mysql->Close();
?>

播放歌曲:=$Mname ?>


" autostart="true" loop="true" width=450 height=40 />

=$Mgeci?>