1.如果你的session设定了与cookie连接的话,那就真是有安全问题,因为session相当于服务器端的cookie,如果没有及时删除,可以让别人直接进入。不明吗:^_^
举个例子,我们用Session时,网页就通常会这样做http://... ? SESSIONID=".......",一串数字就是我们服务器对应ID值,用它可以直接找到user的名字。记住一点,我们的IE很会记录这些资料,我自己曾试过,小小方法就可以进入旧的资料窗口,不用登陆的,^_^2. 本人觉得按需而定3.从PHP4.10版本以上,它会自动帮你处理。^_^4.我们可以仿照OOP的思维模式,自己可以试试。具体就自己,领悟,最多给个提示你,把我们的table当成一个object,了解object - object 之间的关系吧。5.呵呵。手册有说,可能你的手册不全。如果要用精PHP,实在要多方面的知识与领悟。^_^,努力啊,加油!
举个例子,我们用Session时,网页就通常会这样做http://... ? SESSIONID=".......",一串数字就是我们服务器对应ID值,用它可以直接找到user的名字。记住一点,我们的IE很会记录这些资料,我自己曾试过,小小方法就可以进入旧的资料窗口,不用登陆的,^_^2. 本人觉得按需而定3.从PHP4.10版本以上,它会自动帮你处理。^_^4.我们可以仿照OOP的思维模式,自己可以试试。具体就自己,领悟,最多给个提示你,把我们的table当成一个object,了解object - object 之间的关系吧。5.呵呵。手册有说,可能你的手册不全。如果要用精PHP,实在要多方面的知识与领悟。^_^,努力啊,加油!
2.我认为按递增ID排序速度快吧,是有些时候,最新的包括插入的和经过修改的,那样只有用添加(修改)的日期来排序才可以了。
3,在PHP4.0以上的版本中由表单提交来得数据转为变量时一般会自动转义(加斜线),不需要再加了,需要注意的是,数据库中保存的文本取出来编辑的时候要先去斜线然后放入表单中。
4。速度够快,能适应将来的变化就行。
5。我没有用过 准备测试以下。
以上全部是个人观点,请指教。
对于1 希望给出好的解决方法,
我的一直的感觉是SESSION是有过期时间的,过了这个期限用传SID的方法不好使的.把TABLE当成OBJECT应该是ORM(对象关系映射)吧可惜这方面JAVA做的更好,PHP还没用过另外我在做一个新闻发布系统时打算对新闻分类显示页面做到可视化编辑,例如:SOHU,QIANLONG,的新闻程序在对页面元素定制方面很强,虽然有了些思路但
实现也很有难度,希望知晓这方面技术的高手指点一下
2 按不同的需求选择不同的方法
3 加斜线是为了安全。如不加用户可在URL中跳出WEB目录,访问任何他想要的目录
4 经验
5 在网上找。要想全。最好看英文。
我有个朋友叫许国欣。不知是不是你????????????
许国欣,呵呵,不是差了两个字
这里有一个没时间改你自己看看了
里边工具图片在这里
http://202.115.130.88/toolbar.gif
// require parameters [$title,$formaction,$tname,$action,$turnurl,$docsid,$contents]
$re_array=array("\n"=>"","'"=>"\'",'"'=>'\"',"\r"=>"");
$contents=strtr($contents,$re_array);
?>
<HTML xmlns:move>
<head><!--层的拖动//-->
<STYLE>
@media all
{
move:iframez {
cursor:hand;
width:260px;
height:370px;
background-image:url('../images/back1.gif');
behavior: url(winlessmovable.htc);
}
</style>
<SCRIPT>
var iOld = 0;
var oOld = null;
function clickIMove(oMove){
if (oMove.style.zIndex == 1000){
//oOld = oMove;
//iOld = oMove.style.zIndex;
}else{
if (oOld!=null)
oOld.style.zIndex = iOld;
oOld = oMove;
iOld = oMove.style.zIndex;
oMove.style.zIndex = 1000;
}
}</script>
<link rel="stylesheet" href="../include/style.css" type="text/css">
</head>
<body>
<div id="movelayer" style="display:none;">
<move:iframez id="square1" onclick="clickIMove(this)">
<font style="font-size:12px;color:#ffffff;padding-bottom:3px">
素材库——用鼠标拖动图片至指定位置</font>
<img onclick="javascript:movelayer.style.display='none';" src="../images/close_d.gif"><br>
<center><iframe id="oIframe" scrolling="no" style="width:96%;height:93%" src="../docs/template_select_pic.php"></iframe></center>
</move:iframez> </div>
<table width="100%" border="0" bordercolor="red" cellspacing=0 cellpadding="0">
<tr>
<td width=25></td>
<td width="100%" align="Center" valign="Top"><table width=100% border="0" bordercolor="red">
<tr>
<form action="<?php echo $formaction;?>" method="post" id=subvalue name=subvalue onsubmit="javascript:return savefile();">
<td>
标题:<input type=text value="<?php echo $tname;?>" id="tname" name="tname">
<input type=hidden name="action" value="<?php echo $action;?>">
<input type=hidden name=docsid value="<?php echo $docsid;?>">
<input type=hidden name=turnurl value="<?php echo $turnurl;?>">
<input type=hidden name=tempvalue value=''>
<input type=hidden name=p1 value="">
<input type=hidden name=p2 value="">
<script language="javascript">
function savefile()
{
if (document.all("tname").value==""){
alert("请输入模板标题!");return false;
}
var temp="";
temp=temp+EditCtrl.document.body.innerHTML;
document.all("tempvalue").value=temp;
im=confirm("您确定要保存文档吗?");
if (im) {
document.subvalue.submit();}
else {
return false;}
}
</script>
</td></form>
</tr>
</table>
<table height="100%" width="100%" border="0" bordercolor="red" cellspacing="0" cellpadding="0" bgcolor="#F9F9FA" bordercolor="#FFFFFF"><tr><td>
<table height="100%" width="100%" border="0" bordercolor=yellow cellspacing="2" cellpadding="0">
<FORM enctype="multipart/form-data" action=post.php method=post name=form1 onsubmit="document.form1.message.value=EditCtrl.document.body.innerHTML; return checkReply();" onReset="mr()" target=_parent>
<tr>
<td bgcolor="#F9F9FA" valign="top">
<script language="JavaScript">
var css1 = ("<html><head><style TYPE=\"text/css\">A:link { text-decoration: none; color: #0000FF }A:visited { text-decoration: none; color: #AA00CC }A:hover { text-decoration: underline; color: #FF0000 }A:active { text-decoration: none; color: #333333 }BODY { font-size: 10pt; color: #222222 }TABLE { font-size: 10pt; color: #000000; border-top: 0; border-bottom: 2;border-left: 0 }TD { font-size: 10pt; color: #000000; border-top: 0; border-right: 1 }FORM { font-size: 10pt }OPTION { font-size: 10pt }P { font-size: 10pt }BR { font-size: 10pt }.tds { line-height: 120% }div{RIGHT: 0px; POSITION: relative; TOP: 0px}.Hdiv{RIGHT: 6px; width: 120px; VISIBILITY: hidden; POSITION: absolute; TOP: 12px;}.ForumTitle :link { FONT-SIZE: 12pt }.ForumTitle :visited { FONT-SIZE: 12pt }.ForumTitle :hover { FONT-SIZE: 12pt }.ForumTitle :active { FONT-SIZE: 12pt }.hand { cursor:hand }.lm { font-family: Webdings; font-size: 16px; color: #636184; cursor: hand }.lmn { font-size: 9pt; color: #222222; cursor: hand }.lifont { font-family: Wingdings; font-size: 9px; color: #222222 }</style><head><body leftmargin=\"1\" topmargin=\"1\" marginwidth=\"1\" marginheight=\"1\" bgcolor=\"#F9F9FA\">");
var css2 = ("</body></html>");
function mr () {
var msg='<?php echo $contents;?>';
EditCtrl.document.body.innerHTML = msg;
}
function selectRange(){
edit = EditCtrl.document.selection.createRange();
RangeType = EditCtrl.document.selection.type;
}
function format (what,opt) {
EditCtrl.focus ();
selectRange ();
if (what == "newmsg" && confirm ("确定要新建文档吗?")) {
EditCtrl.document.body.innerHTML ="";
} else if (what == "saveas") {
savefile();
} else if (what == "table") {
var tablevar = showModalDialog ("maketable.html", "", "dialogWidth:23.6em; dialogHeight:11.3em; status:0");
if (tablevar != null) {
tablevar = tablevar.split("*");
var rows_v = tablevar[0];
var columns_v = tablevar[1];
var width_v = tablevar[2];
var widthtype_v;
if (tablevar[3]) var widthtype_v = "%";
var border_v = tablevar[4];
var cellspacing_v = tablevar[5];
var cellpadding_v = tablevar[6];
string = "<table border=\""+border_v+"\" width=\""+width_v+""+widthtype_v+"\" cellspacing=\""+cellspacing_v+"\" cellpadding=\""+cellpadding_v+"\">";
for (var i=1; i<=rows_v; i++){
string = string+"<tr>";
for (var i1=1; i1<=columns_v; i1++){
string = string+"<td></td>";
}string = string+"</tr>";
}string = string+"</table>";
edit.pasteHTML (string);
}} else if (what == "small" || what == "big") {
var strHTML;
if (RangeType == "Text"){
edittxt = "<" + what + ">" + edit.text + "</" + what + ">";
edit.pasteHTML (edittxt);
}} else if (what == "pic") {
if (RangeType == "Control") {
EditCtrl.document.execCommand("InsertImage",true);
} else {
var picvar = showModalDialog ("makepic.html", "", "dialogWidth:30em; dialogHeight:13em; status:0");
if (picvar != null) {
picvar = picvar.split("*");
var src_v = picvar[0];
if (src_v != "" && src_v != "http:\/\/") {
var arrange_v = picvar[3];
var border_v = picvar[4];
if (border_v == "") {
border_v = "0";
}var image = "<img src=\""+src_v+"\" alt=\""+alt_v+"\" border=\""+border_v+"\" align=\""+arrange_v+"\">";
var link_v = picvar[2];
if (link_v != "" && link_v != "http:\/\/") {
image = "<a href=\""+link_v+"\" target=\"_blank\">"+image+"</a>";
}edit.pasteHTML (image);
}}}} else if (what == "link") {
EditCtrl.document.execCommand("CreateLink",true);
} else if (opt == "") {
if (what == "ForeColor") {
opt = prompt("hy_lan_04025","");
} else if (what == "FontName") {
opt = prompt("hy_lan_04024","");
} else {
EditCtrl.document.execCommand (what);
}}if (opt != "" && opt != null && what != "saveas") {
EditCtrl.document.execCommand (what,"",opt);
}EditCtrl.focus ();
}function initEditor () {
EditCtrl.document.designMode="On";
EditCtrl.document.open();
EditCtrl.document.write(css1);
EditCtrl.document.write(css2);
EditCtrl.document.close();
mr ();
}</SCRIPT>
<table border="0" bordercolor="#00ffff" cellspacing="0" cellpadding="0" width="100%">
<tr><td bgcolor="#CCCCCC" width="300">
<table border="0" bordercolor="" cellspacing="0" cellpadding="0"><tr><td>
<script>
var buttons = new Array (8,23,23,4,23,23,23,23,4,23,23,4,23,23,23,25,8,23,23,23,4,23,23,4,23,23,23,4,23,23,23,25);
var action = new Array ("","newmsg","saveas","","Delete","Cut","Copy","Paste","","Undo","Redo","","insertHorizontalRule","table","pic","link","","bold","italic","underline","","small","big","","justifyleft","justifycenter","justifyright","","insertorderedlist","insertunorderedlist","outdent","indent");
var tooltip = new Array ("","新建","保存","","删除","剪切","复制","粘贴","","撤销键入","恢复键入","","直线","插入表格","插入图片","插入超级链接","","加粗","倾斜","下划线","","减小字号","增大字号","","左对齐","居中","右对齐","","编号","项目符号","减少缩进量","增加缩进量");
var left = 0, s = "";
for (var i=0; i<buttons.length; i++) {
s += "<span oncontextmenu=\"return(false)\" ondragstart=\"return false\" style=\"width: " + buttons[i] + "; position: relative; height: 26\">\n";
s += "<span style=\"width: " + (buttons[i]) + "; clip:rect(0 "+buttons[i]+" 26 "+0+"); position: absolute; margin: 0px; padding: 0; height: 26; top: 0; left: 0; overflow: hidden\">\n";
s += "<img border=\"0\" src=\"toolbar.gif\" style=\"position:absolute; top:0; left:-" + left + "\" width=\"596\" height=\"52\"";
if (buttons[i] != 4 && buttons[i] != 8) {
s += " onMouseOver=\"this.style.top=-26\" onMouseOut=\"this.style.top=0\" onClick=\"";
if (action[i] != "createLink") {
s += "format('" + action[i] + "',''); this.style.top = 0\" ";
} else {
s += "createLink(); this.style.top = 0\" ";
}s += "TITLE=\"" + tooltip[i] + "\"";
}s+="></span></span>";
left+=buttons[i];
}document.write (s);
</script>
</td></tr></table></td><td valign="top">
<table height="100%" border="0" cellspacing="2" cellpadding="0" style="height: 27px"><tr><td>
<select onChange="format ('FormatBlock',this[this.selectedIndex].value); this.selectedIndex=0" style="width: 100px">
<option>段落格式</option>
<option VALUE="<P>">普通<option VALUE="<PRE>">已编排格式<option VALUE="<H1>">标题一<option VALUE="<H2>">标题二<option VALUE="<H3>">标题三<option VALUE="<H4>">标题四<option VALUE="<H5>">标题五<option VALUE="<H6>">标题六</select>
<select onChange="format ('ForeColor',this[this.selectedIndex].style.color); this.selectedIndex=0" style="width: 100px">
<OPTION selected>文字颜色
<OPTION style="BACKGROUND: #000000; Color: #000000">Black
<OPTION style="BACKGROUND: #0000FF; Color: #0000FF">Blue 1
</select>
</td>
</tr>
</table>
<table height="100%" border="0" cellspacing="2" cellpadding="0">
<tr>
<td>
<select onChange="format('FontName',this[this.selectedIndex].value); this.selectedIndex=0" style="width: 100px">
<OPTION selected>字体
<OPTION value="geneva,arial,sans-serif">Arial
<OPTION value="courier, monospace">Courier
<OPTION value="Fixedsys">Fixedsys
<OPTION value="Tahoma">Tahoma
<OPTION value="times,serif">Times
<OPTION value="verdana,geneva,arial,sans-serif">Verdana
<OPTION value="Webdings">Webdings
<OPTION value="Wingdings">Wingdings
<OPTION value="楷体_GB2312">楷体
<OPTION value="宋体">宋体
<OPTION value="仿宋_GB2312">仿宋
<OPTION value="黑体">黑体
<OPTION value="隶书">隶书
<OPTION>自定义...</OPTION></select>
<SELECT class="select" onchange="format('fontSize',this[this.selectedIndex].text);this.selectedIndex=0" style="width: 100px">
<OPTION selected>字号<OPTION>1<OPTION>2<OPTION>3<OPTION>4<OPTION>5<OPTION>6<OPTION>7</OPTION>
</SELECT>
<?php
/*<input type="Button" value="素材库" onclick="javascript:document.all.oIframe.src='template_select_pic.php';movelayer.style.display='';">
*/
?>
<?php
if($select_model){
?>
<select name="template_id" id="template_id">
<option value=0>选择公文模板</option>
</select>
<input type="Button" class="button_01" value="载入模板" onclick="javascript:loadtemp();">
<script language="JavaScript">
function loadtemp(){
p1=document.all.template_id.value;
if(p1!=0){
if(confirm("套用模板将丢失已编辑的资料\n 是否继续?"))
document.all.contrl.src="contrl.php?docsid="+p1;
}else{
alert("请选择要使用的模板");
}
}
</script>
<iframe src="" id="contrl" name="contrl" width="0" height="0"></iframe>
<?php
}
?>
</td></tr></table></td></tr></table>
<table border="0" bordercolor=black cellspacing="0" cellpadding="0" height="480" width="100%"><tr><td colspan="2" id="editable">
<div id=printarea><iframe name="EditCtrl" style="height: 100%; width: 100%;" tabindex=4></iframe></div>
<input type=hidden name=message value=""></td></tr></table><script language="JavaScript">
initEditor();
</script>
</td>
</tr>
</table></td></tr></table></form>
</td>
<td width=25 ></td>
</tr>
</table>
</body>
</html>