后台程序sign.php如下:
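<?php
/**
 * sign.php - write side of the guestbook (post, reply, moderator delete).
 *
 * Selected by the `action` request parameter:
 *   sign   - insert a new entry for the logged-in user, bump the global
 *            post counter and the user's `corn` score
 *   reply  - insert a reply to entry `reply_id`, bump its `rnum` and the
 *            user's `corn` score
 *   delete - `database=guestbook`: remove entry `id` and its replies;
 *            `database=rguestbook`: remove reply `id` and decrement `rnum`
 *            of parent `rid`. Requires session power >= 1.
 *
 * Every handled path ends in a redirect; an unknown action (or a delete
 * without power) falls through and ends silently, as before.
 *
 * All SQL runs on the mysql link `$cn` opened by ../opendata.php. Request
 * values are escaped (strings) or cast (ids) before they reach a query;
 * the original concatenated them raw.
 */
require("../opendata.php");

/**
 * Return a request parameter as a string ('' when absent). POST wins over
 * GET so a form submission beats a stale query string; the delete link
 * uses GET, so both must be accepted.
 */
function request_param($name)
{
    if (isset($_POST[$name])) {
        $value = (string) $_POST[$name];
    } elseif (isset($_GET[$name])) {
        $value = (string) $_GET[$name];
    } else {
        return '';
    }
    // On a PHP 5 host with magic_quotes_gpc the value is already
    // backslash-escaped; undo that so sql_str() does not double-escape.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

/** Escape a value for use inside a single-quoted MySQL string literal on $cn. */
function sql_str($value, $cn)
{
    return mysql_real_escape_string($value, $cn);
}

/**
 * Timestamp in the format the table already holds: year-mon-mday
 * hours:minutes:seconds with no zero padding (getdate() yields ints).
 * The caller wraps it in '#' exactly as the original queries did.
 */
function guestbook_timestamp()
{
    $t = getdate();
    return $t['year'] . '-' . $t['mon'] . '-' . $t['mday'] . ' '
        . $t['hours'] . ':' . $t['minutes'] . ':' . $t['seconds'];
}

/**
 * Send a redirect and stop. The original followed header() with `break`,
 * which is invalid outside a loop; `exit` is what was intended and also
 * guarantees nothing below the redirect runs.
 */
function redirect_and_exit($url)
{
    header('Location: ' . $url);
    exit;
}

/**
 * HTML-escape a message body and turn newlines into <br>, as the original
 * did. htmlspecialchars() with default flags leaves single quotes alone;
 * SQL safety comes from sql_str() at the query, not from this.
 */
function prepare_say($say)
{
    $say = htmlspecialchars($say);
    // NOTE(review): as written this replaces a space with a space and is a
    // no-op; the replacement string was probably lost in transcription
    // (e.g. a non-breaking space) - confirm against the original file.
    $say = str_replace(" ", " ", $say);
    return nl2br($say);
}

session_start();

// Read session state from $_SESSION rather than relying on register_globals,
// so a request parameter such as session_power=1 can never shadow it.
// NOTE(review): assumes the login code stores these under $_SESSION keys of
// the same name - confirm against the login script.
$session_userid = isset($_SESSION['session_userid']) ? (string) $_SESSION['session_userid'] : '';
$session_power  = isset($_SESSION['session_power']) ? (int) $_SESSION['session_power'] : 0;

$action   = request_param('action');
$say      = request_param('say');
$title    = request_param('title');
$database = request_param('database');
// Ids are only ever used as bare integers in SQL, so cast them here.
$reply_id = (int) request_param('reply_id');
$id       = (int) request_param('id');
$rid      = (int) request_param('rid');

if ($session_userid === '') {
    redirect_and_exit('../message.php?&message=你没有登录,不能留言或回复&redirect=guestbook/guestbook.php?page=1&action=show');
}

if ($action === 'sign') {
    if ($say === '' || $title === '') {
        redirect_and_exit('../message.php?message=内容不完整&redirect=guestbook/guestbook.php?page=0%26action=show');
    }
    $say   = prepare_say($say);
    $title = htmlspecialchars($title);
    $ttime = guestbook_timestamp();

    // Global post counter; the original also re-read it but never used the value.
    mysql_query("update count set maxgcount=maxgcount+1", $cn);
    mysql_query(
        "insert into guestbook (userid,title,say,click,rnum,ttime) values ('"
        . sql_str($session_userid, $cn) . "','"
        . sql_str($title, $cn) . "','"
        . sql_str($say, $cn) . "',0,0,'#" . $ttime . "#')",
        $cn
    );
    mysql_query("update user set corn=corn+1 where userid='" . sql_str($session_userid, $cn) . "'", $cn);
    redirect_and_exit('guestbook.php?page=0&action=show');
}

if ($action === 'reply') {
    if ($say === '' || $title === '') {
        redirect_and_exit('../message.php?message=内容不完整&redirect=guestbook/guestbook.php?show_id=' . $reply_id . '%26no_update_click=1%26action=show_reply');
    }
    $say   = prepare_say($say);
    $title = htmlspecialchars($title);
    $ttime = guestbook_timestamp();

    mysql_query(
        "insert into guestbook(rid,userid,title,say,ttime) values (" . $reply_id . ",'"
        . sql_str($session_userid, $cn) . "','"
        . sql_str($title, $cn) . "','"
        . sql_str($say, $cn) . "','#" . $ttime . "#')",
        $cn
    );
    mysql_query("update guestbook set rnum=rnum+1 where guestbook.id=" . $reply_id, $cn);
    mysql_query("update user set corn=corn+1 where userid='" . sql_str($session_userid, $cn) . "'", $cn);
    redirect_and_exit('guestbook.php?show_id=' . $reply_id . '&no_update_click=1&action=show_reply');
}

if ($action === 'delete' && $session_power >= 1) {
    if ($database === 'guestbook') {
        // Remove the entry together with every reply attached to it.
        mysql_query("delete from guestbook where id=" . $id, $cn);
        mysql_query("delete from guestbook where rid=" . $id, $cn);
    } elseif ($database === 'rguestbook') {
        // Remove a single reply and keep the parent's reply count in step.
        mysql_query("delete from guestbook where id=" . $id, $cn);
        mysql_query("update guestbook set rnum=rnum-1 where id=" . $rid, $cn);
    }
    redirect_and_exit('guestbook.php?page=0&action=show');
}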