• 第一个 php7.4示例 + mysql8


    第一个 php7.4 + mysql8

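    CREATE SCHEMA `infodb` ;


    -- One row per submitted question/answer pair.
    -- nickname, wxopenid, realname and cellphone identify a person: grant the
    -- application account only the privileges it needs on this table.
    CREATE TABLE `infodb`.`info` (
      `id` INT NOT NULL AUTO_INCREMENT ,
      `question` VARCHAR(500)  NOT NULL,
      `answer` VARCHAR(500)  NOT NULL,
      `nickname` VARCHAR(50)  NULL,
      `wxopenid` VARCHAR(50)  NULL,
      `realname` VARCHAR(50)  NULL,
      -- A phone number is an identifier, not a quantity: an 11-digit mobile
      -- number does not fit in INT, and a leading zero or '+' would be lost.
      `cellphone` VARCHAR(20)  NULL,
      `remark` VARCHAR(5000)  NULL,
      `createtime` datetime  NOT NULL DEFAULT now(),
      PRIMARY KEY (`id`));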
    

    dbconfig.php

    <?php  
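    // Connection settings come from the environment when it provides them, so
    // real credentials never have to be committed with the source. The literal
    // fallbacks are the demo values and are only suitable for a local sandbox:
    // a deployed instance should use a dedicated account limited to the
    // privileges the application needs on infodb, not root with a short password.
    // NOTE(review): mysqli takes the port as a separate constructor argument;
    // confirm that the host:port form below actually connects.
    define( 'HOST', getenv( 'DB_HOST' ) ?: '127.0.0.1:4407' );
    define( 'USER', getenv( 'DB_USER' ) ?: 'root' );
    define( 'PASS', getenv( 'DB_PASS' ) ?: '123' );
    define( 'DBNAME', getenv( 'DB_NAME' ) ?: 'infodb' );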
    ?>
    

    addinfo.php

    <?php
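    // Do not show error details to the client, but keep reporting and logging
    // switched on: error_reporting( 0 ) would also hide failures from the
    // server log, which is where connection and query errors need to be visible.
    ini_set( 'display_errors', '0' );
    ini_set( 'log_errors', '1' );
    error_reporting( E_ALL );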
    
    /**
     * Denylist "sanitiser" applied to request parameters before they are stored.
     *
     * Returns false when empty( $str ) is true (this includes the string "0").
     * Otherwise the value is passed through htmlspecialchars() and then through
     * the fixed sequence of case-sensitive str_replace() calls below, which
     * delete or substitute punctuation, SQL/shell keywords and markup fragments.
     * The result depends on the order of the calls.
     *
     * Security note: this is not an SQL-injection defence. A substring denylist
     * cannot enumerate every dangerous input, and it also damages legitimate
     * text (for example 'or', 'cas' and '.' are removed from ordinary words and
     * sentences). Bind values with prepared statements at the query, and escape
     * for HTML at the point where the value is rendered.
     *
     * NOTE(review): several search strings below are empty, duplicated, or a
     * plain space/quote/ampersand where an HTML entity would be expected; they
     * look as if entities were decoded when this listing was published. Confirm
     * against the original file before relying on the exact list.
     *
     * @param string $str Raw parameter value.
     * @return string|false Filtered string, or false for an empty value.
     */
    function filter_sql( $str ) {
        // empty() is also true for "0", so that value is reported as empty.
        if ( empty( $str ) ) return false;
        // HTML-encode first; many of the removals below then act on the
        // encoded form (for example '&' and ';').
        $str = htmlspecialchars( $str );
        $str = str_replace( '/', '', $str );
        $str = str_replace( '"', '', $str );
        $str = str_replace( '(', '', $str );
        $str = str_replace( ')', '', $str );
        $str = str_replace( 'CR', '', $str );
        $str = str_replace( 'ASCII', '', $str );
        $str = str_replace( 'ASCII 0x0d', '', $str );
        $str = str_replace( 'LF', '', $str );
        $str = str_replace( 'ASCII 0x0a', '', $str );
        $str = str_replace( ',', '', $str );
        $str = str_replace( '%', '', $str );
        $str = str_replace( ';', '', $str );
        $str = str_replace( 'eval', '', $str );
        $str = str_replace( 'open', '', $str );
        $str = str_replace( 'sysopen', '', $str );
        $str = str_replace( 'system', '', $str );
        $str = str_replace( '$', '', $str );
        $str = str_replace( "'", '', $str );
        $str = str_replace( "'", '', $str );
        $str = str_replace( 'ASCII 0x08', '', $str );
        $str = str_replace( '"', '', $str );
        $str = str_replace( '"', '', $str );
        // Empty search string: this call leaves $str unchanged.
        $str = str_replace( '', '', $str );
        $str = str_replace( '&gt', '', $str );
        $str = str_replace( '&lt', '', $str );
        $str = str_replace( '<SCRIPT>', '', $str );
        $str = str_replace( '</SCRIPT>', '', $str );
        $str = str_replace( '<script>', '', $str );
        $str = str_replace( '</script>', '', $str );
        $str = str_replace( 'select', '', $str );
        $str = str_replace( 'join', '', $str );
        $str = str_replace( 'union', '', $str );
        $str = str_replace( 'where', '', $str );
        $str = str_replace( 'insert', '', $str );
        $str = str_replace( 'delete', '', $str );
        $str = str_replace( 'update', '', $str );
        $str = str_replace( 'like', '', $str );
        $str = str_replace( 'drop', '', $str );
        $str = str_replace( 'DROP', '', $str );
        $str = str_replace( 'create', '', $str );
        $str = str_replace( 'modify', '', $str );
        $str = str_replace( 'rename', '', $str );
        $str = str_replace( 'alter', '', $str );
        $str = str_replace( 'cas', '', $str );
        $str = str_replace( '&', '', $str );
        $str = str_replace( '>', '', $str );
        $str = str_replace( '<', '', $str );
        // NOTE(review): as printed, the next three calls rewrite spaces; the
        // search strings were presumably entities in the original - confirm.
        $str = str_replace( ' ', chr( 32 ), $str );
        $str = str_replace( ' ', chr( 9 ), $str );
        $str = str_replace( '    ', chr( 9 ), $str );
        $str = str_replace( '&', chr( 34 ), $str );
        $str = str_replace( "'", chr( 39 ), $str );
        $str = str_replace( '<br />', chr( 13 ), $str );
        $str = str_replace( "''", "'", $str );
        // These two calls substitute a single quote for the matched text.
        $str = str_replace( 'css', "'", $str );
        $str = str_replace( 'CSS', "'", $str );
        $str = str_replace( '<!--', '', $str );
        $str = str_replace( 'convert', '', $str );
        $str = str_replace( 'md5', '', $str );
        $str = str_replace( 'passwd', '', $str );
        $str = str_replace( 'password', '', $str );
        $str = str_replace( '../', '', $str );
        $str = str_replace( './', '', $str );
        $str = str_replace( 'Array', '', $str );
        $str = str_replace( "or 1='1'", '', $str );
        $str = str_replace( ';set|set&set;', '', $str );
        $str = str_replace( '`set|set&set`', '', $str );
        $str = str_replace( '--', '', $str );
        $str = str_replace( 'OR', '', $str );
        $str = str_replace( 'or', '', $str );
        $str = str_replace( '"', '', $str );
        $str = str_replace( '*', '', $str );
        $str = str_replace( '-', '', $str );
        $str = str_replace( '+', '', $str );
        $str = str_replace( '/', '', $str );
        $str = str_replace( '=', '', $str );
        $str = str_replace( "'/", '', $str );
        $str = str_replace( '-- ', '', $str );
        $str = str_replace( ' -- ', '', $str );
        $str = str_replace( ' --', '', $str );
        $str = str_replace( '(', '', $str );
        $str = str_replace( ')', '', $str );
        $str = str_replace( '{', '', $str );
        $str = str_replace( '}', '', $str );
        $str = str_replace( '.', '', $str );
        $str = str_replace( 'response', '', $str );
        $str = str_replace( 'write', '', $str );
        $str = str_replace( '|', '', $str );
        $str = str_replace( '`', '', $str );
        $str = str_replace( ';', '', $str );
        $str = str_replace( 'etc', '', $str );
        $str = str_replace( 'root', '', $str );
        $str = str_replace( '//', '', $str );
        $str = str_replace( '!=', '', $str );
        $str = str_replace( "$", '', $str );
        $str = str_replace( '&', '', $str );
        $str = str_replace( '&&', '', $str );
        $str = str_replace( '==', '', $str );
        $str = str_replace( '#', '', $str );
        $str = str_replace( '@', '', $str );
        $str = str_replace( 'mailto:', '', $str );
        $str = str_replace( 'CHAR', '', $str );
        $str = str_replace( 'char', '', $str );
        return $str;
    }
    
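    // Load the database connection constants (HOST, USER, PASS, DBNAME).
    require 'dbconfig.php';

    // Every response from this endpoint is JSON, including failures.
    header( 'Content-Type:application/json; charset=utf-8' );

    // NOTE(review): the write is triggered by a GET request and wxopenid is
    // taken from the query string as-is; nothing visible here authenticates the
    // caller or ties wxopenid to a verified session. Confirm that is enforced
    // elsewhere, and prefer POST so the values stay out of access logs and caches.
    $values = array();
    foreach ( array( 'question', 'answer', 'wxopenid' ) as $field ) {
        // A parameter must be present and must be a plain string; an array
        // value such as question[]=x is answered like a missing parameter.
        if ( !isset( $_GET[ $field ] ) || !is_string( $_GET[ $field ] ) ) {
            exit( json_encode( array( 'Status' => 0 ) ) );
        }
        // filter_sql() is kept so stored values have the same shape as before
        // (false becomes ''), but it is not what protects the query: the
        // placeholders below are.
        $values[] = (string) filter_sql( $_GET[ $field ] );
    }

    // Make mysqli throw on failure. The original "new mysqli(...) or die(...)"
    // could never fire, because new always yields an object, and mysql_error()
    // belongs to the ext/mysql API that PHP 7 no longer ships.
    mysqli_report( MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT );

    try {
        $mydb = new mysqli( HOST, USER, PASS, DBNAME );
        $mydb->set_charset( 'utf8mb4' );

        // Values are bound, never concatenated into the SQL text.
        $stmt = $mydb->prepare( 'INSERT INTO info(question,answer,wxopenid) VALUES (?,?,?)' );
        $stmt->bind_param( 'sss', $values[0], $values[1], $values[2] );
        $stmt->execute();
    } catch ( mysqli_sql_exception $e ) {
        // Details go to the server log only; the client gets a generic failure.
        error_log( 'addinfo.php: ' . $e->getMessage() );
        http_response_code( 500 );
        exit( json_encode( array( 'Status' => 0 ) ) );
    }

    // Row stored.
    exit( json_encode( array( 'Status' => 1 ) ) );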
    
    //test:http://localhost:8011/saveinfo.php?question = 1&answer = 2&nickname = 3&wxopenid = 4&realname = 5&cellphone = 6&remark = 7
    ?>
    
  • 原文地址:https://www.cnblogs.com/haoliansheng/p/15936722.html