第一个 php7.4示例 + mysql8

第一个 php7.4 + mysql8

 

 

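-- Demo schema for the question/answer collection endpoint.
CREATE SCHEMA `infodb` ;


-- One row per submitted question/answer pair.
-- nickname, wxopenid, realname and cellphone identify a person; limit which
-- database accounts can read this table.
CREATE TABLE `infodb`.`info` (
  `id` INT NOT NULL AUTO_INCREMENT ,
  `question` VARCHAR(500)  NOT NULL,
  `answer` VARCHAR(500)  NOT NULL,
  `nickname` VARCHAR(50)  NULL,
  `wxopenid` VARCHAR(50)  NULL,
  `realname` VARCHAR(50)  NULL,
  -- A phone number is an identifier, not a quantity: a typical mobile number is
  -- larger than INT's maximum (2147483647), and a leading zero or "+" prefix
  -- would be lost, so it is stored as text.
  `cellphone` VARCHAR(20)  NULL,
  `remark` VARCHAR(5000)  NULL,
  -- Filled in by the server when the row is inserted.
  `createtime` DATETIME  NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`));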

 

dbconfig.php

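<?php 
// Database connection settings shared by the demo scripts.
// Each value is read from the environment when it is set; the literals are the
// tutorial's local defaults and are used only as a fallback.
// NOTE(review): the fallback connects as root with a trivial password. Outside a
// throwaway local setup, use a dedicated MySQL account that only has the
// privileges this application needs (INSERT on infodb.info), and keep the real
// credentials out of the source tree and out of the web root.
define("HOST", getenv("DB_HOST") ?: "127.0.0.1:4407"); 
define("USER", getenv("DB_USER") ?: "root"); 
define("PASS", getenv("DB_PASS") ?: "123");
define("DBNAME", getenv("DB_NAME") ?: "infodb");
?>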

 

addinfo.php

<?php
// Turn off PHP error reporting so error text is not sent to the client.
// NOTE(review): this also silences diagnostics for the code below; failures
// should still be written to a server-side log — confirm logging is configured.
error_reporting( 0 );
 
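/**
 * Strip a fixed list of characters and keywords from a request value.
 *
 * NOTE(review): this is a blacklist and must not be relied on to prevent SQL
 * injection; the query that uses the value should bind it as a parameter.
 * Limitations visible in the code below:
 *  - each str_replace() is a single, case-sensitive pass, so a keyword in a
 *    different letter case, or one that only forms after another removal, is
 *    left in the result;
 *  - the replacements run in order and depend on each other, and several are
 *    repeated or can never match because an earlier line already removed the
 *    character;
 *  - ordinary text is damaged: substrings such as "or", "cas", "etc", "like",
 *    and punctuation such as "." "-" "," "@" are deleted from any value;
 *  - htmlspecialchars() runs first, so `"` and `&` become entity text whose
 *    remnants ("quot", "amp") stay in the value. HTML escaping belongs at
 *    output time, not before storage.
 *
 * @param mixed $str Raw request value.
 * @return string|false The filtered string, or false when the input is not a
 *                      scalar or is empty.
 */
function filter_sql( $str ) {
    // Reject arrays (e.g. ?question[]=x), null, false and the empty string.
    // The literal "0" is a valid value and is no longer treated as empty.
    if ( !is_scalar( $str ) || $str === false || $str === '' ) return false;
    $str = (string) $str;
    $str = htmlspecialchars( $str );
    $str = str_replace( '/', '', $str );
    $str = str_replace( '"', '', $str );
    $str = str_replace( '(', '', $str );
    $str = str_replace( ')', '', $str );
    $str = str_replace( 'CR', '', $str );
    $str = str_replace( 'ASCII', '', $str );
    $str = str_replace( 'ASCII 0x0d', '', $str );
    $str = str_replace( 'LF', '', $str );
    $str = str_replace( 'ASCII 0x0a', '', $str );
    $str = str_replace( ',', '', $str );
    $str = str_replace( '%', '', $str );
    $str = str_replace( ';', '', $str );
    $str = str_replace( 'eval', '', $str );
    $str = str_replace( 'open', '', $str );
    $str = str_replace( 'sysopen', '', $str );
    $str = str_replace( 'system', '', $str );
    $str = str_replace( '$', '', $str );
    $str = str_replace( "'", '', $str );
    $str = str_replace( "'", '', $str );
    $str = str_replace( 'ASCII 0x08', '', $str );
    $str = str_replace( '"', '', $str );
    $str = str_replace( '"', '', $str );
    // Empty search string: this call leaves $str unchanged.
    $str = str_replace( '', '', $str );
    $str = str_replace( '&gt', '', $str );
    $str = str_replace( '&lt', '', $str );
    $str = str_replace( '<SCRIPT>', '', $str );
    $str = str_replace( '</SCRIPT>', '', $str );
    $str = str_replace( '<script>', '', $str );
    $str = str_replace( '</script>', '', $str );
    // SQL keywords, lower case only.
    $str = str_replace( 'select', '', $str );
    $str = str_replace( 'join', '', $str );
    $str = str_replace( 'union', '', $str );
    $str = str_replace( 'where', '', $str );
    $str = str_replace( 'insert', '', $str );
    $str = str_replace( 'delete', '', $str );
    $str = str_replace( 'update', '', $str );
    $str = str_replace( 'like', '', $str );
    $str = str_replace( 'drop', '', $str );
    $str = str_replace( 'DROP', '', $str );
    $str = str_replace( 'create', '', $str );
    $str = str_replace( 'modify', '', $str );
    $str = str_replace( 'rename', '', $str );
    $str = str_replace( 'alter', '', $str );
    $str = str_replace( 'cas', '', $str );
    $str = str_replace( '&', '', $str );
    $str = str_replace( '>', '', $str );
    $str = str_replace( '<', '', $str );
    // NOTE(review): the search strings on the next three lines look like
    // whitespace that lost its original form when the page was published.
    $str = str_replace( ' ', chr( 32 ), $str );
    $str = str_replace( ' ', chr( 9 ), $str );
    $str = str_replace( '    ', chr( 9 ), $str );
    $str = str_replace( '&', chr( 34 ), $str );
    $str = str_replace( "'", chr( 39 ), $str );
    $str = str_replace( '<br />', chr( 13 ), $str );
    $str = str_replace( "''", "'", $str );
    // These two lines insert a single quote into the value where "css"/"CSS" appeared.
    $str = str_replace( 'css', "'", $str );
    $str = str_replace( 'CSS', "'", $str );
    $str = str_replace( '<!--', '', $str );
    $str = str_replace( 'convert', '', $str );
    $str = str_replace( 'md5', '', $str );
    $str = str_replace( 'passwd', '', $str );
    $str = str_replace( 'password', '', $str );
    $str = str_replace( '../', '', $str );
    $str = str_replace( './', '', $str );
    $str = str_replace( 'Array', '', $str );
    $str = str_replace( "or 1='1'", '', $str );
    $str = str_replace( ';set|set&set;', '', $str );
    $str = str_replace( '`set|set&set`', '', $str );
    $str = str_replace( '--', '', $str );
    $str = str_replace( 'OR', '', $str );
    $str = str_replace( 'or', '', $str );
    $str = str_replace( '"', '', $str );
    $str = str_replace( '*', '', $str );
    $str = str_replace( '-', '', $str );
    $str = str_replace( '+', '', $str );
    $str = str_replace( '/', '', $str );
    $str = str_replace( '=', '', $str );
    $str = str_replace( "'/", '', $str );
    $str = str_replace( '-- ', '', $str );
    $str = str_replace( ' -- ', '', $str );
    $str = str_replace( ' --', '', $str );
    $str = str_replace( '(', '', $str );
    $str = str_replace( ')', '', $str );
    $str = str_replace( '{', '', $str );
    $str = str_replace( '}', '', $str );
    $str = str_replace( '.', '', $str );
    $str = str_replace( 'response', '', $str );
    $str = str_replace( 'write', '', $str );
    $str = str_replace( '|', '', $str );
    $str = str_replace( '`', '', $str );
    $str = str_replace( ';', '', $str );
    $str = str_replace( 'etc', '', $str );
    $str = str_replace( 'root', '', $str );
    $str = str_replace( '//', '', $str );
    $str = str_replace( '!=', '', $str );
    $str = str_replace( "$", '', $str );
    $str = str_replace( '&', '', $str );
    $str = str_replace( '&&', '', $str );
    $str = str_replace( '==', '', $str );
    $str = str_replace( '#', '', $str );
    $str = str_replace( '@', '', $str );
    $str = str_replace( 'mailto:', '', $str );
    $str = str_replace( 'CHAR', '', $str );
    $str = str_replace( 'char', '', $str );
    return $str;
}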
 
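// Load the database settings (HOST, USER, PASS, DBNAME).
require 'dbconfig.php';

// Every response from this script is JSON, UTF-8 encoded.
header( 'Content-Type:application/json; charset=utf-8' );

// mysqli takes the port as a separate argument, so a "host:port" value in HOST
// is split here; without a port suffix the configured default port is used.
$dbHost = HOST;
$dbPort = (int) ini_get( 'mysqli.default_port' );
if ( preg_match( '/^(.+):(\d+)$/', HOST, $hostParts ) ) {
    $dbHost = $hostParts[1];
    $dbPort = (int) $hostParts[2];
}

// Make mysqli throw on failure. The original `new mysqli(...) or die(...)` could
// never reach die() because the constructor always returns an object, and
// mysql_error() belongs to the old mysql extension that PHP 7 no longer has.
mysqli_report( MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT );

try {
    $mydb = new mysqli( $dbHost, USER, PASS, DBNAME, $dbPort );
    $mydb->set_charset( 'utf8mb4' );
} catch ( mysqli_sql_exception $e ) {
    // Keep driver details in the server log; the client only sees a failure status.
    error_log( 'database not connected: ' . $e->getMessage() );
    exit( json_encode( array( 'Status' => 0 ) ) );
}

// NOTE(review): this endpoint writes to the database on a GET request and takes
// wxopenid from the query string; no authentication is visible in this file.
// Confirm callers are authenticated upstream and consider accepting POST only.

// All three parameters must be present and must be plain strings (not arrays).
$haveAll = true;
foreach ( array( 'question', 'answer', 'wxopenid' ) as $key ) {
    if ( !isset( $_GET[ $key ] ) || !is_string( $_GET[ $key ] ) ) {
        $haveAll = false;
        break;
    }
}

if ( $haveAll ) {
    // filter_sql() is kept so stored values look the same as before; it is not
    // what protects the query. The values are bound as parameters below.
    $question = filter_sql( $_GET[ 'question' ] );
    $answer = filter_sql( $_GET[ 'answer' ] );
    //$nickname = filter_sql( $_GET[ 'nickname' ] );
    $wxopenid = filter_sql( $_GET[ 'wxopenid' ] );
    //$realname = filter_sql( $_GET[ 'realname' ] );
    //$cellphone = filter_sql( $_GET[ 'cellphone' ] );
    //$remark = filter_sql( $_GET[ 'remark' ] );

    try {
        // Prepared statement: request data is never concatenated into the SQL text.
        $stmt = $mydb->prepare( 'INSERT INTO info (question, answer, wxopenid) VALUES (?, ?, ?)' );
        $stmt->bind_param( 'sss', $question, $answer, $wxopenid );
        $stmt->execute();
        $stmt->close();
    } catch ( mysqli_sql_exception $e ) {
        error_log( 'add data error: ' . $e->getMessage() );
        exit( json_encode( array( 'Status' => 0 ) ) );
    }

    // Status 1: the row was stored.
    exit( json_encode( array( 'Status' => 1 ) ) );
}

// Status 0: a required parameter is missing or malformed.
exit( json_encode( array( 'Status' => 0 ) ) );

// Manual test URL from the original post (it names saveinfo.php, while this listing is titled addinfo.php):
//test:http://localhost:8011/saveinfo.php?question = 1&answer = 2&nickname = 3&wxopenid = 4&realname = 5&cellphone = 6&remark = 7
?>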

 

posted @   iDEAAM  阅读(160)  评论(0编辑  收藏  举报