有个IF语句要加到PHP文件里,不知道加在哪有效,格式怎么写,高手帮忙下 不知道这个$title和$body从哪过来的.也没有见到你用到这两个变量.所以你想在哪用到之前加上就可以了. 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 说明一下PHP文件是添加帖子的代码,$title和$body分别指的是标题和内容 难道你php.ini里register_global 是on,可以直接获取呀.否则要$title = $_POST['title'];$body = $_POST['body'];if(ereg("$cfg_notallowstr",$title)||ereg("$cfg_notallowstr",$body)){ ShowMsg("含有非法字符!.","-1"); exit(); } 谢谢楼上的大哥回答,我用的DEDECMS,不知道$title和$body是在哪个文件定义的,代码是article_add.php里的,IF语句是根据评论屏蔽字符改的,我现在要发帖子屏蔽字符,不知道加到哪 是我搞错了!!是要加到<?phprequire_once(dirname(__FILE__)."/config.php");CheckRank(0,0);$cfg_main_dftable = '#@__archives';$cfg_add_dftable = '#@__addonarticle';require_once(dirname(__FILE__)."/archives_addcheck.php");//对保存的内容进行处理//--------------------------------$sortrank = $senddate = $pubdate = mytime();$upscore = $cfg_send_score;if($cInfos['arcsta']==0){ $ismake = 0; $arcrank = 0;}else if($cInfos['arcsta']==1){ $ismake = -1; $arcrank = 0;}else{ $ismake = 0; $arcrank = -1;}$color = $shorttitle = '';$arcatt = $money = $typeid2 = 0;$title = ClearHtml($title);$title = cn_substr($title,80);$writer = cn_substr(trim(ClearHtml($writer)),30);$source = cn_substr(trim(ClearHtml($source)),50);$description = cn_substr(trim(ClearHtml($description)),250);$keywords = trim(cn_substr($keywords,60));$userip = GetIP();//处理上传的缩略图if(!empty($litpic)) $litpic = GetUpImage('litpic',true,true);else $litpic = "";$adminID = 0;$memberID = $cfg_ml->M_ID;$body = eregi_replace("<(iframe|script)","",$body);if(ereg("$cfg_notallowstr",$title)||ereg("$cfg_notallowstr",$body)){ ShowMsg("含有非法字符!.","-1"); exit(); }//加入主档案表//----------------------------------$inQuery = "INSERT INTO `$maintable`(ID,typeid,typeid2,sortrank,iscommend,ismake,channel,arcrank,click,money,title,shorttitle,color,writer,source,litpic,pubdate,senddate,arcatt,adminID,memberID,description,keywords,mtype,userip)VALUES ('$arcID','$typeid','$typeid2','$sortrank','0','$ismake','$channelid','$arcrank','0','$money','$title','$shorttitle','$color','$writer','$source','$litpic','$pubdate','$senddate','$arcatt','$adminID','$memberID','$description','$keywords','$mtype','$userip');";if(!$dsql->ExecuteNoneQuery($inQuery)){ $gerr = $dsql->GetError(); $dsql->ExecuteNoneQuery("Delete From `#@__full_search` where aid='$arcID'"); $dsql->Close(); ShowMsg("把数据保存到数据库 `$maintable` 时出错,请联系管理员!".$gerr,"-1"); exit();}//加入附加表//----------------------------------$addQuery = "INSERT INTO `$addtable`(aid,typeid,body{$inadd_f}) Values('$arcID','$typeid','$body'{$inadd_v})";if(!$dsql->ExecuteNoneQuery($addQuery)){ $gerr = $dsql->GetError(); $dsql->ExecuteNoneQuery("Delete From `$maintable` where ID='$arcID'"); $dsql->ExecuteNoneQuery("Delete From `#@__full_search` where aid='$arcID'"); $dsql->Close(); ShowMsg("把数据保存到附加表时出错,请联系管理员!".$gerr,"-1"); exit();}$dsql->ExecuteNoneQuery("Update `#@__member` set c1=c1+1,scores=scores+{$upscore} where ID='".$cfg_ml->M_ID."';");$cfg_ml->FushCache();$artUrl = MakeArt($arcID);//更新全站搜索索引$datas = array('aid'=>$arcID,'typeid'=>$typeid,'channelid'=>$channelid,'adminid'=>0,'mid'=>$memberID,'att'=>0, 'title'=>$title,'url'=>$artUrl,'litpic'=>$litpic,'keywords'=>$keywords, 'addinfos'=>$description,'uptime'=>$senddate,'arcrank'=>$arcrank,'mtype'=>$mtype);WriteSearchIndex($dsql,$datas);//写入Tag索引InsertTags($dsql,$keywords,$arcID,$memberID,$typeid,$arcrank);unset($datas);$dsql->Close();//---------------------------------//返回成功信息//----------------------------------$msg = "请选择你的后续操作:<a href='article_add.php?channelid=$channelid'><u>继续发表文章</u></a> <a href='article_edit.php?aid=".$arcID."'><u>更改文章</u></a> <a href='$artUrl' target='_blank'><u>预览文章</u></a> <a href='content_list.php?channelid=$channelid'><u>已发布文章管理</u></a> <a href='index.php'><u>会员主页</u></a>";$wintitle = "成功发布一个文章!";$wecome_info = "文档管理::发布文章";$win = new OxWindow();$win->mainTitle = "DedeCms发布文档成功提示";$win->AddTitle("成功发布一个文章:");$win->AddMsgItem($msg);$winform = $win->GetWindow("hand"," ",false);$win->Display();?> 求助自己网站发文章,自动同步到新浪微博 怎么将数据库中记录的用户ip转成所在地? 关于静态化的一些问题 调用表单的问题,大家帮忙给看下 mysql安装问题.can't create windows service for mysql. php有用于数据转换的函数吗? 请问一下array_search函数怎样使用?100分相酬! 关于生成图片缩略图的神秘问题-_-!! 同志们啦,可怜可怜我吧拉兄弟一把吧!!!! 如何用PHP把RDF内容插入到Web站点之中(5) sphinx已经搭建好,但是中文就是搜索不出来。求助。 正则小问题
可以直接获取呀.
否则要
$title = $_POST['title'];
$body = $_POST['body'];
if(ereg("$cfg_notallowstr",$title)||ereg("$cfg_notallowstr",$body))
{
ShowMsg("含有非法字符!.","-1");
exit();
}
<?php
require_once(dirname(__FILE__)."/config.php");
CheckRank(0,0);$cfg_main_dftable = '#@__archives';
$cfg_add_dftable = '#@__addonarticle';
require_once(dirname(__FILE__)."/archives_addcheck.php");//对保存的内容进行处理
//--------------------------------
$sortrank = $senddate = $pubdate = mytime();$upscore = $cfg_send_score;
if($cInfos['arcsta']==0){
$ismake = 0;
$arcrank = 0;
}
else if($cInfos['arcsta']==1){
$ismake = -1;
$arcrank = 0;
}
else{
$ismake = 0;
$arcrank = -1;
}$color = $shorttitle = '';
$arcatt = $money = $typeid2 = 0;
$title = ClearHtml($title);
$title = cn_substr($title,80);
$writer = cn_substr(trim(ClearHtml($writer)),30);
$source = cn_substr(trim(ClearHtml($source)),50);
$description = cn_substr(trim(ClearHtml($description)),250);
$keywords = trim(cn_substr($keywords,60));$userip = GetIP();
//处理上传的缩略图
if(!empty($litpic)) $litpic = GetUpImage('litpic',true,true);
else $litpic = "";
$adminID = 0;
$memberID = $cfg_ml->M_ID;$body = eregi_replace("<(iframe|script)","",$body);
if(ereg("$cfg_notallowstr",$title)||ereg("$cfg_notallowstr",$body))
{
ShowMsg("含有非法字符!.","-1");
exit();
}
//加入主档案表
//----------------------------------
$inQuery = "INSERT INTO `$maintable`(
ID,typeid,typeid2,sortrank,iscommend,ismake,channel,
arcrank,click,money,title,shorttitle,color,writer,source,litpic,
pubdate,senddate,arcatt,adminID,memberID,description,keywords,mtype,userip)
VALUES ('$arcID','$typeid','$typeid2','$sortrank','0','$ismake','$channelid',
'$arcrank','0','$money','$title','$shorttitle','$color','$writer','$source','$litpic',
'$pubdate','$senddate','$arcatt','$adminID','$memberID','$description','$keywords','$mtype','$userip');";if(!$dsql->ExecuteNoneQuery($inQuery)){
$gerr = $dsql->GetError();
$dsql->ExecuteNoneQuery("Delete From `#@__full_search` where aid='$arcID'");
$dsql->Close();
ShowMsg("把数据保存到数据库 `$maintable` 时出错,请联系管理员!".$gerr,"-1");
exit();
}//加入附加表
//----------------------------------
$addQuery = "INSERT INTO `$addtable`(aid,typeid,body{$inadd_f}) Values('$arcID','$typeid','$body'{$inadd_v})";
if(!$dsql->ExecuteNoneQuery($addQuery))
{
$gerr = $dsql->GetError();
$dsql->ExecuteNoneQuery("Delete From `$maintable` where ID='$arcID'");
$dsql->ExecuteNoneQuery("Delete From `#@__full_search` where aid='$arcID'");
$dsql->Close();
ShowMsg("把数据保存到附加表时出错,请联系管理员!".$gerr,"-1");
exit();
}$dsql->ExecuteNoneQuery("Update `#@__member` set c1=c1+1,scores=scores+{$upscore} where ID='".$cfg_ml->M_ID."';");
$cfg_ml->FushCache();$artUrl = MakeArt($arcID);//更新全站搜索索引
$datas = array('aid'=>$arcID,'typeid'=>$typeid,'channelid'=>$channelid,'adminid'=>0,'mid'=>$memberID,'att'=>0,
'title'=>$title,'url'=>$artUrl,'litpic'=>$litpic,'keywords'=>$keywords,
'addinfos'=>$description,'uptime'=>$senddate,'arcrank'=>$arcrank,'mtype'=>$mtype);
WriteSearchIndex($dsql,$datas);
//写入Tag索引
InsertTags($dsql,$keywords,$arcID,$memberID,$typeid,$arcrank);
unset($datas);
$dsql->Close();//---------------------------------
//返回成功信息
//----------------------------------$msg = "
请选择你的后续操作:
<a href='article_add.php?channelid=$channelid'><u>继续发表文章</u></a>
<a href='article_edit.php?aid=".$arcID."'><u>更改文章</u></a>
<a href='$artUrl' target='_blank'><u>预览文章</u></a>
<a href='content_list.php?channelid=$channelid'><u>已发布文章管理</u></a>
<a href='index.php'><u>会员主页</u></a>
";$wintitle = "成功发布一个文章!";
$wecome_info = "文档管理::发布文章";
$win = new OxWindow();
$win->mainTitle = "DedeCms发布文档成功提示";
$win->AddTitle("成功发布一个文章:");
$win->AddMsgItem($msg);
$winform = $win->GetWindow("hand"," ",false);
$win->Display();
?>