用pdo实现的织梦后台留言板

时间:2021-09-04 19:21:44
<?php
//ini_set("display_errors", "On"); include("data/common.inc.php");
if($action=='save')
{
$title = '无标题';
$tid = 0;
$mid = 1;
$uname = "guest";
$email = "";
$homepage = "";
$qq = "";
$face = array_rand(array('01','02','03','04','05','06','07','08','13','14','15','16','17','18'), 1);
$msg = trim($_POST['msg']);
$ip = $_SERVER['REMOTE_ADDR'];
$dtime = time();
$ischeck = 0;
if($msg=='') {
return rtn(0, '对不起,您的留言内容不能为空!');
} pdo_conn();
$sql = "INSERT INTO `{$cfg_dbprefix}guestbook`(title,tid,mid,uname,email,homepage,qq,face,msg,ip,dtime,ischeck) VALUES (:title,:tid,:mid,:uname,:email,:homepage,:qq,:face,:msg,:ip,:dtime,:ischeck)";
//echo $sql;
$st = $pdo->prepare($sql);
$st->bindParam(':title', $title);
$st->bindParam(':tid', $tid);
$st->bindParam(':mid', $mid);
$st->bindParam(':uname', $uname);
$st->bindParam(':email', $email);
$st->bindParam(':homepage', $homepage);
$st->bindParam(':qq', $qq);
$st->bindParam(':face', $face, PDO::PARAM_STR);
$st->bindParam(':msg', $msg, PDO::PARAM_STR, 1000);
$st->bindParam(':ip', $ip);
$st->bindParam(':dtime', $dtime);
$st->bindParam(':ischeck', $ischeck);
$exec_result = $st->execute(); if($exec_result){
return rtn(1, '您已成功发表留言,但需审核后才能显示!');
}else{
return rtn(0, '对不起,发表留言失败,请稍候再试!');
}
} $page = $_GET['p'];
$page = isset($page) ? $page:1;
$page = (int)$page;
$page_size = 10; pdo_conn(); //页数和记录数
$tsql = "select count(1) as c from `{$cfg_dbprefix}guestbook` where ischeck=1";
$result = $pdo->query($tsql);
$tlist = $result->fetchAll();
$total = $tlist[0]['c'];
if(0==$total%$page_size){
$page_number = (int)($total/$page_size);
}else{
$page_number = (int)($total/$page_size + 1);
} if($page>$page_number){
$page = $page_number;
} if($page<1){
$page = 1;
} $start = ($page-1)*$page_size;
$sql = "select * from `{$cfg_dbprefix}guestbook` where ischeck=1 order by id desc limit {$start},{$page_size}";
$result = $pdo->query($sql);
$list = $result->fetchAll(); if($page>1){
$up = $page - 1;
}else{
$up = 1;
}
if($page<$page_number){
$down = $page + 1;
}else{
$down = $page_number;
}
$last = $page_number; function pdo_conn(){
global $pdo, $cfg_dbhost, $cfg_dbname, $cfg_dbuser, $cfg_dbpwd;
if(empty($pdo)){
$pdo = new PDO("mysql:host={$cfg_dbhost};dbname={$cfg_dbname};", $cfg_dbuser, $cfg_dbpwd, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES'utf8';"));
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
return $pdo;
} function rtn($status, $msg, $data=''){
$result = array('status'=>$status, 'msg'=>$msg, 'data'=>$data);
echo json_encode($result);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>留言板</title>
<meta name="keywords" content="">
<meta name="description" content="">
<link href="public/style_art.css" rel="stylesheet" type="text/css">
<link href="public/common.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="header_warp">
<div class="layout solid header">
<span class="white"></span>
</div>
</div> <div class="layout solid marb10"> <div class="con_box"> <div class="con_l">
<div class="con_ltit">留言板</div>
<div class="con_ltxt"> <div class="con_lsub"><a href="#write">我要留言</a></div> </div>
</div> <div class="con_r">
<div class="con_rpos">当前位置:<a href="http://sgsj.maoming.gov.cn/">主页</a> &gt; <a href="/guestbook.html">留言板</a> &gt; </div>
<div class="con_rtxt">
<table class="ltable" width="100%" cellspacing="0" cellpadding="0" border="0" align="center">
<?php
foreach($list as $k=>$item){
$uname = "guest_".$item['id'];
$ip = $item['ip'];
$ip_arr = explode(".", $ip);
$ip = $ip_arr[0].".".$ip_arr[1].".*.*";
$dtime = $item['dtime'];
$dtime = date('Y-m-d H:i', $dtime);
$msg = $item['msg'];
$face = $item['face'];
if(empty($face)) $face = "01";
?>
<tbody>
<tr class="ltr">
<td width="160" align="center" class="ltd"><b><?php echo $uname; ?></b></td>
<td height="26" class="timetd ltd"><img width="16" height="16" src="public/images/time.gif"> 时间: <?php echo $dtime; ?></td>
</tr>
<tr>
<td width="160" align="center" class="lefttd" rowspan="2"><table width="160" cellspacing="2" cellpadding="1" border="0" align="center">
<tbody>
<tr>
<td height="80" align="center"><img border="0" src="public/images/<?php echo $face; ?>.gif"></td>
</tr>
<tr>
<td align="center" height="20">IP:<?php echo $ip; ?></td>
</tr>
</tbody>
</table></td>
<td class="msgtd"><?php echo $msg; ?></td>
</tr>
</tbody>
<?php
}
?>
</table>
<br />
<table width="100%" cellspacing="0" cellpadding="0" border="0" align="center" class="pagetable">
<tbody>
<tr>
<td height="28" align="center">
<div class="pagelistbox">
<a href="guestbook.php">首页</a> <a href="guestbook.php?p=<?php echo $up; ?>">上一页</a> <a href="guestbook.php?p=<?php echo $down; ?>">下一页</a> <a href="guestbook.php?p=<?php echo $last; ?>">尾页</a> 共 <?php echo $page_number; ?> 页/<?php echo $total; ?> 条留言 转到:<input id="page" size="4" maxlength="10" value="<?php echo $page; ?>" type="text"><input value="Go" id="goto" type="button">
</div>
</td>
</tr>
</tbody>
</table>
<br />
<form name="form1" action="guestbook.php" method="post">
<a name="write" id="write"></a>
<table width="100%" cellspacing="1" cellpadding="4" border="0" bgcolor="#dedede" align="center" class="writetable">
<input type="hidden" value="save" name="action">
<tbody>
<tr>
<td class="writetd" colspan="2"><b style="padding-left:5px;">发布留言:</b><a name="write"></a></td>
</tr>
<tr bgcolor="#ffffff">
<td width="10%" nowrap="" align="center"><font color="#FF0000">*</font>留言内容:<br>
(1000字内) </td>
<td height="2" align="left"><textarea class="textarea ipt-txt" id="msg" rows="5" name="msg"></textarea></td>
</tr>
<tr bgcolor="#ffffff">
<td nowrap="" align="center" colspan="2"><input type="button" class="btn-2" value="提 交" id="btnSubmit" maxlength="1000">
&nbsp;&nbsp;
<input type="reset" class="btn-2" value="取 消" name="Submit2"></td>
</tr>
</tbody>
</table>
</form>
</div>
</div> </div> </div> </body>
</html>
<script type="text/javascript" src="templets/default/js/jquery-1.6.4.min.js"></script>
<script type="text/javascript">
window.onload = function(){
$("#msg").val(""); $("#goto").click(function(){
var page = $("#page").val();
if(!/^(\d+?)$/.test(page)){
$("#page").val("");
return alert("请输入数字!");
}
window.location.href = "guestbook.php?p=" + page;
}); $("#btnSubmit").click(function(){
var msg = $("#msg").val();
$.ajax({
type: "POST",
dataType: "json",
url: "guestbook.php?action=save",
data: "msg=" + msg,
success: function(json){
if(1==json.status){
$("#msg").val("");
alert(json.msg);
}else if(1==json.status){
alert(json.msg);
}else{
alert('对不起,发表留言失败,请稍候再试!');
}
},
error: function(data){
var response = data.responseText;
if(-1!=response.indexOf('zhuji.360.cn')){
return alert("您输入的留言内容含有危险字符,已被360拦截,请修改后重新输入!");
}
alert('对不起,发表留言失败,请稍候再试!');
}
});
});
}
</script>

Pdo::$instance->beginTransaction(); //开启事务

Pdo::$instance->rollBack(); //回滚

Pdo::$instance->commit(); //提交事务