php - Created my single-file blog (php/mysql) - feedback and injection?

Tags: php mysql sql-injection blogs feedback

This is my first attempt at writing a very simple (single-file) blog engine, built with PHP and MySQL. I wanted to keep everything simple and not include hundreds of files, classes, etc., because I only want to publish some text and nothing more. I don't need plugins, changing templates, an API or anything like that. The script now works and runs fine, but I really am a newbie who has only just started with php/mysql. :)

So I would like some feedback: what am I doing wrong, what might be too complicated, and is there any possibility of injection or something similar? Any help and feedback is welcome (sorry for my bad English!).

I added some comments so that my thinking is easier to follow:

<?php
///////////////////////////////////////////////////// BASE

// What's the name of the blog and how many recent articles should be shown on the front page
$blogname = 'The basic blogname';
$anzahl = '3';

// Alright, let's connect to the database
include_once 'include/connect.php';

// I use this to generate German dates (e.g.: March --> März)
setlocale(LC_ALL, 'de_DE@euro.utf8', 'de_DE.utf8', 'de.utf8', 'ge.utf8');

///////////////////////////////////////////////////// START >>> IF

// As we are using htaccess with mod_rewrite, we want to know what page name the user requested
if (isset($_GET['slug'])) {

    // I'm not sure if it makes sense (mysqli_/mysql_?) to avoid injections? Any help is welcome!
    $blog = mysql_escape_string($_GET['slug']);

    // Alright, now we check the database and ask if the site name exists and if the status is "online" (published/draft)
    $result = mysqli_query($con, "SELECT * FROM entries WHERE slug='$blog' AND status = 'ONLINE'");

    // We call the result and check if there is an article in the database
    $num_results = mysqli_num_rows($result);
    if ($num_results > 0) {

        // We now also include the header file, because there we also have the $title variable for the site / browser tab
        include 'header.php';
        include_once 'markdown.php';

        // Create variables from the database fields, also convert the content with markdown
        while ($row = mysqli_fetch_array($result)) {
            $title = $row['title'];
            $content = $row['content'];
            $my_html = Markdown($content);
            $date = $row['date'];
            $date = strftime('%d. %B %G', strtotime($date));

            // and finally: show the article on the website
            echo '<h2>' . $title . '</h2>';
            echo '<div id="date">' . $date . '</div>';
            echo '<div id="content">' . $my_html . '</div>';
            echo '<div id="link"><a href="/simple/">Back to front-page</a></div>';

            // we also include the footer, so that we have a complete page - header/content/footer
            include 'footer.php';
        }

    ///////////////////////////////////////////////////// ELSE  >>>

    // but if there is NO entry in the database with this page name...
    } else {

        // again we need the header
        include 'header.php';

        // then we say:
        echo '<h2>Error</h2>';
        echo '<div id="content">There is no article with this name!</div>';
        echo '<div id="link"><a href="/simple/">Back to front</a></div>';

        // and include the footer
        include 'footer.php';
    }

///////////////////////////////////////////////////// ELSE >>>

// But if the user just opens the blog and doesn't request a name, we want to show him the last articles (3 - see top)...
} else {

    // So again we call the database and request the last published entries and sort them, limited by the given amount of entries
    $result = mysqli_query($con, "SELECT * FROM entries WHERE status = 'ONLINE' ORDER BY id DESC LIMIT $anzahl");

    // Again include header and markdown
    include 'header.php';
    include_once "markdown.php";

    // We generate variables from the database during the loop, also convert the excerpt with markdown
    while ($row = mysqli_fetch_array($result)) {
        $title = $row['title'];
        $slug = $row['slug'];
        $excerpt = $row['excerpt'];
        $my_html = Markdown($excerpt);
        $date = $row['date'];
        $date = strftime('%d. %B %G', strtotime($date));

        // And publish them on the website
        echo '<h2><a href="/simple/' . $slug . '">' . $title . '</a></h2>';
        echo '<div id="date">' . $date . '</div>';
        echo '<div id="content">' . $my_html . '</div>';
        echo '<div id="link"><a href="/simple/' . $slug . '">Read more...</a></div>';

    }
    // Last time, we include the footer again.
    include 'footer.php';
}

///////////////////////////////////////////////////// <<< FINISH
?>

Thanks - and yes, I am willing to learn! :))

Best answer

By using an SQL abstraction library and templates you can make the code much tidier

$sql = "SELECT * FROM entries WHERE slug=?s AND status = 'ONLINE'";
$row = $db->getRow($sql, $_GET['slug']);
if ($row) { 
    $title   = $row['title'];
    $content = Markdown($row['content']);
    $date    = strftime('%d. %B %G', strtotime($row['date']));
    $tpl = 'single.tpl.php';
    include 'main.tpl.php';
} else {
    include '404.php';
}

and for the list

$sql  = "SELECT * FROM entries WHERE status = 'ONLINE' ORDER BY id DESC LIMIT ?i";
$data = $db->getAll($sql, $anzahl);
$tpl = 'list.tpl.php';
include 'main.tpl.php';
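The answer's `?s`/`?i` placeholders belong to an unnamed abstraction library; as an added example (not the asker's or answerer's code), here are the same two lookups done with plain mysqli prepared statements, which also removes the question's mix of `mysql_escape_string()` with `mysqli_query()`. It assumes `$con` is the mysqli connection from `include/connect.php`, `$anzahl` and `Markdown()` as in the question, and the helper names `fetchEntry`, `fetchRecent` and `h` are mine.

```php
<?php
// Added example, not code from the question or answer: the same two lookups with
// mysqli prepared statements, so user input never becomes part of the SQL text.
// Assumes $con is the mysqli connection from include/connect.php (helper names are hypothetical).
function fetchEntry(mysqli $con, string $slug): ?array
{
    // '?' is a placeholder; the slug is sent to the server separately from the query text
    $stmt = $con->prepare(
        "SELECT title, content, date FROM entries WHERE slug = ? AND status = 'ONLINE'"
    );
    $stmt->bind_param('s', $slug);              // 's' = bind as string
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();  // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

function fetchRecent(mysqli $con, int $limit): array
{
    // A quoted string after LIMIT is a syntax error, so the count is bound as an integer
    $stmt = $con->prepare(
        "SELECT title, slug, excerpt, date FROM entries WHERE status = 'ONLINE' ORDER BY id DESC LIMIT ?"
    );
    $stmt->bind_param('i', $limit);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Escape database values before echoing them into HTML (titles and slugs are not trusted markup)
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

if (isset($_GET['slug']) && is_string($_GET['slug'])) {   // ?slug[]=x would otherwise be an array
    $row = fetchEntry($con, $_GET['slug']);
    if ($row === null) {
        http_response_code(404);
        echo '<h2>Error</h2><div id="content">There is no article with this name!</div>';
    } else {
        echo '<h2>' . h($row['title']) . '</h2>';
        echo '<div id="content">' . Markdown($row['content']) . '</div>'; // author-written content
    }
} else {
    foreach (fetchRecent($con, (int) $anzahl) as $row) {
        echo '<h2><a href="/simple/' . rawurlencode($row['slug']) . '">' . h($row['title']) . '</a></h2>';
    }
}
```

The `date` formatting and header/footer includes from the question are unchanged and omitted here for brevity.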

Regarding "php - Created my single-file blog (php/mysql) - feedback and injection?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/22606664/
