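require_once("config.php");
require_once("function.php");
session_start();

if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    // 投稿前 (before submission): issue the CSRF token the form has to echo back
    setToken();
} else {
    // 投稿後 (after submission): stop here unless the token check passes
    checkToken();

    // Missing keys fall back to "" so validation sees an empty value instead of
    // raising an undefined-index warning when a field is omitted from the request
    $name = isset($_POST["name"]) ? $_POST["name"] : "";
    $email = isset($_POST["email"]) ? $_POST["email"] : "";
    $memo = isset($_POST["memo"]) ? $_POST["memo"] : "";
    $error = array();

    // エラー処理: the empty check runs last so its message wins over the format one
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error["email"] = "メールアドレスの形式が正しくありません";
    }
    if ($email === "") {
        $error["email"] = "メールアドレスを入力して";
    }
    if ($memo === "") {
        $error["memo"] = "内容を入力して";
    }

    if (empty($error)) {
        // DBに格納: named placeholders keep the submitted values out of the SQL text
        $dbh = connectDb();
        $sql = "insert into entries (name, email, memo, created, modified) values (:name, :email, :memo, now(), now())";
        $stmt = $dbh->prepare($sql);
        $params = array(":name" => $name, ":email" => $email, ":memo" => $memo);
        $stmt->execute($params);
        header("Location: thanks.html");
        exit;
    }
}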
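// Database connection settings.
// NOTE(review): an empty password and inline credentials suit a local dev box only;
// production values belong in environment variables or a file outside the web root.
define("DSN", "mysql:host=localhost;dbname=test");
define("DB_USER", "user");
define("DB_PASSWORD", "");

// Notices are suppressed by the original author; keep display_errors off outside development
error_reporting(E_ALL & ~E_NOTICE);

// Session cookie scoped to the application path and marked httponly so the
// session id is not readable from script. The secure flag is left off because the
// deployment scheme is not known here; set it to true once served over HTTPS.
session_set_cookie_params(0, "/contacts_php", "", false, true);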
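/**
 * Open the PDO connection described by DSN / DB_USER / DB_PASSWORD.
 *
 * Errors are raised as exceptions so a failed insert/update cannot be silently
 * ignored by callers that do not inspect the return value of execute().
 * On connection failure a generic message is shown and the driver message is
 * written to the server log only, since it can contain host and credential details.
 *
 * @return PDO
 */
function connectDb(){
    try{
        return new PDO(DSN, DB_USER, DB_PASSWORD, array(
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ));
    }catch(PDOException $e){
        error_log($e->getMessage());
        echo "データベースに接続できません";
        exit;
    }
}

/**
 * Escape a string for output inside HTML text or attribute context.
 *
 * ENT_QUOTES covers both quote styles so the value is safe in attributes;
 * ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning "".
 *
 * @param string $s
 * @return string
 */
function h($s){
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
}

/**
 * Store a CSRF token in the session if one is not already present.
 *
 * The token comes from the CSPRNG (random_bytes) rather than mt_rand/uniqid,
 * which are not designed to be unpredictable.
 *
 * @return void
 */
function setToken(){
    if(!isset($_SESSION["token"])){
        $_SESSION["token"] = bin2hex(random_bytes(32));
    }
}

/**
 * Abort the request unless the submitted token equals the session token.
 *
 * Presence alone is not enough: the value must match what setToken() stored,
 * and hash_equals() keeps the comparison constant-time. is_string() guards
 * against a token submitted as an array (token[]=...), which hash_equals rejects.
 *
 * @return void
 */
function checkToken(){
    $posted = isset($_POST["token"]) ? $_POST["token"] : null;
    $expected = isset($_SESSION["token"]) ? $_SESSION["token"] : null;
    if(!is_string($posted) || !is_string($expected) || $posted === "" || !hash_equals($expected, $posted)){
        echo "不正な処理";
        exit;
    }
}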
require_once("../config.php");
require_once("../function.php");

// Collect every row that has not been soft-deleted, in the order the DB returns them.
// No user input reaches this query, so a plain query() is sufficient here.
$dbh = connectDb();
$sql = "select * from entries where status = 'active'";
$entries = array();
foreach ($dbh->query($sql) as $row) {
    $entries[] = $row;
}
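require_once("../config.php");
require_once("../function.php");

// This endpoint changes state, so only POST is accepted; a plain GET link must not delete rows.
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    http_response_code(405);
    exit;
}

// NOTE(review): index.php and edit.php guard their POST handlers with checkToken();
// this endpoint does not. The calling page would need to submit the session token
// before the same check can be enabled here.

$dbh = connectDb();

// A missing or non-positive id is rejected instead of running "where id = 0"
$id = isset($_POST["id"]) ? (int)$_POST["id"] : 0;
if ($id <= 0) {
    echo "不正";
    exit;
}

// Soft delete. The id is bound as a parameter rather than interpolated,
// matching how edit.php addresses rows.
$stmt = $dbh->prepare("update entries set status = 'deleted' where id = :id");
$stmt->execute(array(":id" => $id));

// The caller reads back the id it asked to delete
echo $id;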
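require_once("../config.php");
require_once("../function.php");
session_start();
$dbh = connectDb();

// Only a positive decimal integer id is accepted; anything else (missing, array,
// non-numeric) stops here before touching the database
$rawId = isset($_GET["id"]) ? $_GET["id"] : "";
if (is_string($rawId) && preg_match("/^[1-9][0-9]*$/", $rawId)) {
    $id = (int)$rawId;
} else {
    echo "不正";
    exit;
}

if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    // 投稿前 (before submission): issue the CSRF token and prefill the form
    setToken();
    $stmt = $dbh->prepare("select * from entries where id = :id limit 1");
    $stmt->execute(array(":id" => $id));
    $entry = $stmt->fetch();
    if (!$entry) {
        die("no found");
    }
    $name = $entry["name"];
    $email = $entry["email"];
    $memo = $entry["memo"];
} else {
    // 投稿後 (after submission): stop here unless the token check passes
    checkToken();

    // Missing keys fall back to "" so validation sees an empty value instead of
    // raising an undefined-index warning when a field is omitted from the request
    $name = isset($_POST["name"]) ? $_POST["name"] : "";
    $email = isset($_POST["email"]) ? $_POST["email"] : "";
    $memo = isset($_POST["memo"]) ? $_POST["memo"] : "";
    $error = array();

    // エラー処理: the empty check runs last so its message wins over the format one
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error["email"] = "メールアドレスの形式が正しくありません";
    }
    if ($email === "") {
        $error["email"] = "メールアドレスを入力して";
    }
    if ($memo === "") {
        $error["memo"] = "内容を入力して";
    }

    if (empty($error)) {
        // All values are bound as parameters; the id was validated above
        $sql = "update entries set name = :name, email = :email, memo = :memo, modified = now() where id = :id";
        $stmt = $dbh->prepare($sql);
        $params = array(
            ":name" => $name,
            ":email" => $email,
            ":memo" => $memo,
            ":id" => $id,
        );
        $stmt->execute($params);
        header("Location: index.php");
        exit;
    }
}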