开发者

im working on this php function list to make things easier.. im I go well so far? should i stop? am i doing something wrong?

<?php
    function con() {
        mysql_connect("localhost", "root", "") or die(mysql_error());
        mysql_select_db("main")or die(mysql_error());
        $connected = $_SESSION['connected'] = true;
        }
    function getinfo() {
    $string = "SELECT * FROM info";
    $q = mysql_query($string) or die(mysql_error());
    while($query = mysql_fetch_array($q)) {
        echo "id: " . $query['id']  . $query['msg'] . "<BR>";
        }
    }
    function writeform() {
       echo ' 
        <form action="" method="post">
    <table bgcolor="#111" width="274" border="0" align="center">
      <tr>
        <td colspan="2" align="center" bgcolor="#333">Authentication Required</td>
      </tr>
      <tr>
        <td width="94" align="center" bgcolor="#333">Username:</td>
        <td width="170" align="center" bgcolor="#333"><input type="text" name="username"></td>
      </tr>
      <tr>
        <td align="center" bgcolor="#333">Password :</td>
        <td align="center" bgcolor="#333"><input type="password" name="password"></td>
      </tr>
      <tr>
        <td colspan="2" align="center" bgcolor="#333"><input type="submit" name="submit" value="login"></td>
      </tr>
    </table>
    </form>';
    }
    function checklogin() {
    if(isset($_SESSION['loggedin']) and isset($_POST['username'])) {
        $_SESSION['username'] = $username;
        echo "Logged in as user : $username";
        } else { include("news.php");}

    }
    function login() {
            if(isset($_POST['username']) and isset($_POST['password'])) {
                        $username = $_POST['username'];
                        $username = stripslashes($username);
                        $username = mysql_real_escape_string($username);
                        $password = $_POST['password'];
                        $password = stripslashes($password);
                        $username = mysql_real_escape_string($username);
            }

            $sql_string = "SELECT * FROM login WHERE username = '$username' and password = '$password'";
            $sql_query  = mysql_query($sql_string) or die (mysql_error());

            if(mysql_num_rows>0){
                 echo "Logged in successfully";
                 $_SESSION['loggedin'] = true;
                 $_SESSION['username'] = $username;
            } //end mysql_num_rows
        }
    function secureuserpost() {
        //testing$isset = Array(id,username,password,location,website,facebook,occupation,avatar,active)
        $id = NULL;
        $username = $_POST['username'];
        $username = stripslashes($username);
        $username = mysql_real_escape_string($username);
        global $username;
        $password = $_POST['password'];
        $passw开发者_如何学JAVAord = stripslashes($password);
        $password = mysql_real_escape_string($password);
        global $password;
        $location = $_POST['location'];
        $location = stripslashes($location);
        $location = mysql_real_escape_string($location);
        global $location;
        $website = $_POST['website'];
        $website = stripslashes($website);
        $website = mysql_real_escape_string($website);
        global $website;
        $facebook = $_POST['facebook'];
        $facebook = stripslashes($facebook);
        $facebook = mysql_real_escape_string($facebook);
        global $facebook;
        $occupation = $_POST['occupation'];
        $occupation = stripslashes($occupation);
        $occupation = mysql_real_escape_string($occupation);
        global $occupation;
        $avatar = $_POST['avatar'];
        $avatar = stripslashes($avatar);
        $avatar = mysql_real_escape_string($avatar);
        global $avatar;
      }  
    function adminlogincheck() {
    //fix later//
    if(isset($_SESSION['loggedin']) and isset($_POST['username'])) {
            if(isset($_POST['submit'])) {
                    if(isset($_POST['username']) and isset($_POST['password'])) {
                        $username = $_POST['username'];
                        $username = stripslashes($username);
                        $username = mysql_real_escape_string($username);
                        $password = $_POST['password'];
                        $password = stripslashes($password);
                        $username = mysql_real_escape_string($username);
                    } //end if $_POST['username'] and password
                  $sql_string = "SELECT * FROM admin_login WHERE username = '$username' and password = '$password'";
                  $sql_query  = mysql_query($sql_string) or die (mysql_error());

            if(mysql_num_rows>0){
                 echo "Logged in successfully";
                 $_SESSION['loggedin'] = true;
                 $_SESSION['username'] = $username;
            } //end mysql_num_rows


            }/*end isset $_POST['submit'] */ else {
            echo "nothing submitted";
            }
        } //end login checkup
        else writeform();
    } //end function
    function addinfo($data) {
        con();
        $msg = $_POST['msg'];
        $msg = stripslashes($msg);
        $msg = mysql_real_escape_string($msg);
        $insert_query_line = "INSERT INTO info (id, msg) VALUES (NULL, '$msg')";
        $data = mysql_query($insert_query_line) or die ("<center>" . "<pre>" . "Error Adding Values:" . mysql_error() . "</pre>" . "</center>");

    }
    function adduser($id,$username,$password,$location,$website,$facebook,$occupation,$avatar,$active) {
       secureuserpost();
       $q = "INSERT INTO login (id,username,password,location,website,facebook,occupation,avatar,active) VALUES ($id,$username,$password,$location,$website,$facebook,$occupation,$avatar,'no')";
       $query = mysql_query($q) or die(mysql_error());
    }

?>


Not terrible, but I have some suggestions:

None of your functions have parameters. Instead, you use only global variables. There is no need to do this. You can have

function securepost($key) {
   return isset($_POST[$key])
      ? stripslashes(mysql_real_escape_string($_POST[$key]))
      : NULL
}

Then instead of sanitizing your post vars as you need them, you can just call

$var = post('password'); //etc.

functions are really supposed to be wrappers for common behavior, macros in a way. You don't need to define entire specific behavior and encapsulate them in functions.

mysql_connect("localhost", "root", "") or die(mysql_error()); is redundant. mysql_connect() already asserts a warning if it fails.

In getinfo(), you don't need to do SELECT *. Just select the data you need like SELECT id, msg ...

mysql_num_rows should be mysql_num_rows() I think.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜