The blog of e-commerce specialist Luo Yongqiang has moved to http://www.ybfq.com. Welcome, everyone.

Archive for the ‘Programming’ Category

An example of paginating with JavaScript after PHP reads a result set

Monday, April 28th, 2008

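Because the designer had already produced a number of pages and it was inconvenient to work the program into each HTML page one by one, I took a shortcut: PHP reads the data and hands it to JavaScript, which generates the data list and the pagination list. The code below assumes familiarity with PHP and HTML.
First, PHP generates the strings that the JavaScript will use: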
<?php
//newsjs.php
//create js file of news
//Rossy.cn@gmail.com
//2008-03-12 11:44

//the page number comes from the query string: force it to an integer >= 1
$page = isset($_GET['page']) ? max(1, (int)$_GET['page']) : 1;
include_once("inc/jspages.php"); //pagination function
require_once("inc/mysql_class.php");//MySQL database connection class

$page_count = 10; //records per page
$start_page = ($page - 1) * $page_count;

$Db = new Mysql;
$sqlstr = " Where Type = 1 "; //filter condition

$PHPINFO = $_SERVER['PHP_SELF'];
$query = $Db->Query("Select * FROM Table_n ".$sqlstr." ORDER BY Id desc");
$tatol = $Db->FetchCount($query);//total number of records
$showpagestr = showpage($tatol, $page_count, $page, $PHPINFO);//pagination links
$sql="Select Id,Title FROM Table_n ".$sqlstr." ORDER BY Id DESC LIMIT $start_page, $page_count";
$query = $Db->Query($sql);
$Str = ""; //initialise before appending
if(($Db->FetchCount($query))<1)
{
    $Str = "暫時沒有數據";
}
else
{
    while ($rs = $Db->FetchArray($query))
    {
        //escape the title so stored markup is not written into the page
        $Str .= "
". $rs['Id'] ." ". htmlspecialchars($rs['Title'], ENT_QUOTES) ."

";
    }
}
$Db->Close();

//json_encode() produces a valid, escaped JavaScript string literal (expects UTF-8 data)
echo "function ShowData() {";
echo "document.write(".json_encode($Str).");";
echo "}";

echo "function ShowPage() {";
echo "document.write(".json_encode("
".$showpagestr."

").");";
echo "}";
?>

Then add the following code to the page that needs the paginated data list:





The code of jspages.php:
<?php
//PHP pagination function with URL parameters
//$total_num: total number of records
//$perpage: records per page
//$curr_page: current page
//$curr_url: URL of the current page
//Rossy 2006-08-10
//Last updated: 2008-03-17
//Rossy.cn@gmail.com
//http://www.ybfq.com

function showpage($total_num, $perpage, $curr_page, $curr_url) {
    $showpagestr = '';
    $curr_page = (int)$curr_page; //the value ends up in a regex and in the output, so keep it numeric
    if($total_num > $perpage) {
        $page = 10;
        $offset = 2;

        $pages = ceil($total_num / $perpage);
        $from = $curr_page - $offset;
        $to = $curr_page + $page - $offset - 1;
        if($page > $pages) {
            $from = 1;
            $to = $pages;
        } else {
            if($from < 1) {
                $to = $curr_page + 1 - $from;
                $from = 1;
                if(($to - $from) < $page && ($to - $from) < $pages) {
                    $to = $page;
                }
            } elseif($to > $pages) {
                $from = $curr_page - $pages + $to;
                $to = $pages;
                if(($to - $from) < $page && ($to - $from) < $pages) {
                    $from = $pages - $page + 1;
                }
            }
        }
        $parse_url=parse_url($curr_url);
        $url_query=isset($parse_url["query"]) ? $parse_url["query"] : "";
        if(!empty($url_query)){
            //ereg_replace() was removed in PHP 7; preg_replace() does the same job
            $url_query=preg_replace("/(^|&)page=$curr_page/","",$url_query);
            $url=str_replace($parse_url["query"],$url_query,$curr_url);
            if(!empty($url_query)) $url.="&page"; else $url.="page";
        }else {
            $url=$curr_url."?page"; //$url was previously appended to without being set
        }
        $showpagestr .= "總共記錄 : ". $total_num ."條  <<首頁  ";
        for($i = $from; $i <= $to; $i++) {
            if($i != $curr_page) {
                $showpagestr .= "[$i] ";
            } else {
                $showpagestr .= '['.$i.'] ';
            }
        }
        $showpagestr .= " 末頁>>";
        $showpagestr .= "  跳轉";
        for ($j=1; $j<=$pages; $j++) {
            $showpagestr .= "";
        }
        $showpagestr .= "
";
    }
    return $showpagestr;
}
?>

An example of validating a username at registration with PHP + AJAX

Friday, April 25th, 2008

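Checking with AJAX whether a username is available has always been a practical feature, so here is a note on it for future reference.
Note: familiarity with the MySQL database, the registration page and the PHP program is assumed.

First, add the following code (marked in red) to the username element of a conventional registration form: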

onblur="chkUserName(this)">

Then add the following JavaScript code to the HEAD section of the page:

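After that, create User.php, which looks up whether a record exists for that username:
<?php
//connect mysql and get record
//Rossy.cn@gmail.com
//2008-04-25 16:20

include("mysql_class.php");
//read the submitted name explicitly instead of relying on register_globals
//(the request parameter is assumed to be called "name", after the variable used here)
$name = isset($_REQUEST['name']) ? $_REQUEST['name'] : "";
//CheckData() must escape the value for SQL: it is concatenated into the query below
$Username = CheckData($name);
if ($Username!=""){
    $Db = new Mysql;
    $sqlc="Select Id FROM $Table_a Where UserName='". $Username ."'";
    $query = $Db->Query($sqlc);
    if(($Db->FetchCount($query))>0){
        echo "對不起,此用戶名已被註冊,請換一個再試";
    } else {
        echo "恭喜,請用戶名可以註冊";
    }
    $Db->Close();
} else echo "用戶名爲空,請輸入用戶名";
?>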
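
The same lookup with the name passed as a bound parameter, shown beside the concatenated form; this is an added example, not the blog's User.php. It assumes PDO with the SQLite driver, and the users table, its rows, the function names and the username policy are constructed for illustration.

```php
<?php
// Added example. An in-memory SQLite database stands in for MySQL;
// the table, rows and function names are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (Id INTEGER PRIMARY KEY, UserName TEXT UNIQUE)");
$pdo->exec("INSERT INTO users (UserName) VALUES ('rossy')");

// Query text assembled from the input, as in User.php when the value
// reaches the SQL unescaped.
function taken_concat(PDO $pdo, $name) {
    $sql = "SELECT Id FROM users WHERE UserName='" . $name . "'";
    return $pdo->query($sql)->fetchColumn() !== false;
}

// Query text is fixed; the input travels separately as a bound parameter.
function taken_bound(PDO $pdo, $name) {
    $stmt = $pdo->prepare('SELECT Id FROM users WHERE UserName = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchColumn() !== false;
}

// Validate the shape first, then answer from a fixed set of results.
function check_username(PDO $pdo, $raw) {
    $name = trim((string) $raw);
    if ($name === '') {
        return 'empty';
    }
    // Allow-list (assumed policy): letters, digits, underscore, 3-20 characters.
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name)) {
        return 'invalid';
    }
    return taken_bound($pdo, $name) ? 'taken' : 'free';
}

// Constructed inputs; the third contains a quote that changes the WHERE clause.
foreach (array('rossy', 'newuser', "nobody' OR '1'='1") as $input) {
    printf("%-20s concat=%s bound=%s check=%s\n",
        $input,
        var_export(taken_concat($pdo, $input), true),
        var_export(taken_bound($pdo, $input), true),
        check_username($pdo, $input));
}
```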

Code for sending mail from ASP with the JMail component and from PHP with a class

Wednesday, October 24th, 2007

ASP mail-sending code:
Uses the JMail component (it can be downloaded from the 站长站 webmaster site).
The code is as follows:
<%
Dim JMail

Set JMail=server.createobject("JMail.Message")
JMail.silent = true
JMail.Logging = true
JMail.Charset = "gb2312"
JMail.MailServerUserName = "ybfqlyq@overseatrade.net" 'Username of email
JMail.MailServerPassword = "password" 'Password of email
JMail.Priority = 2
JMail.From = "ybfqlyq@overseatrade.net"
JMail.FromName = "Rossy"
JMail.AddRecipient "Rossy.cn@gmail.com" 'repeat this line if send to many
'JMail.AddRecipient "Rossy@yahoo.cn"
'JMail.AddRecipient "ybfqlyq@tom.com"
JMail.Subject = "Mail from website" 'subject of email
JMail.Body = "内容1:gffdsafdssdfdsf 内容2:&t1dfssdfdsf" 'content of email
JMail.Send ("smtp.overseatrade.net") 'email server
JMail.Close()
set JMail = nothing
response.Write("Send Successfully")
%>

PHP mail-sending code:
Uses a free mail-sending class found through a search.
The code is as follows:
<?php
include_once ("smtp.class.inc");

$smtp_server="smtp.overseatrade.net"; //email server
$smtp_user="ybfq@overseatrade.net"; //username
$smtp_pass="password"; //password
$from="ybfq@overseatrade.net";
$mailto="Rossy.cn@gmail.com"; //recipient(s), comma-separated (example value)
$subject="A mail about keyword from overseatrade.net";
$priority="3";
$cc="";
$bcc="";

$mail = new SMTP($smtp_server,$smtp_user,$smtp_pass);

$header = $mail->make_header($from, $mailto, $subject, $priority, $cc, $bcc);
$header .= "Reply-To: ".$from." \r\n";
$header .= "Content-Type: text/html; charset=\"utf-8\" \r\n";
$header .= "Content-Transfer-Encoding: 8bit \r\n";
$header .= "MIME-Version: 1.0 \r\n";

$message = "Rossy is here waiting for you"; //content of email

$error = $mail->smtp_send($from, $mailto, $header, $message, $cc, $bcc);
echo $error;
?>

Source code of smtp.class.inc:
[code]
<?php
/**
* Class: smtp.class.inc
* Require:
* Optional:
* Description: A class to send an e-mail via SMTP and/or generate headers
* Created: 21 March 2003, 18:49:36
* Last modified: 29 March 2003, 01:38:00
* Author: Jointy
* Copyright: @GPL Jointy
* Version: 1.00 (final)
*
* /////////////////////////////////////////////////////////////////////////////
* /////////////////////////////////////////////////////////////////////////////
* SMTP variables
*
* $smtp_server - Smtp Server Address
* optional:
* $smtp_user - Smtp Login User
* $smtp_pass - Smtp User Login Password
*
* /////////////////////////////////////////////////////////////////////////////
*
*
* /////////////////////////////////////////////////////////////////////////////
* Function variables
*
* function make_header($from, $mailto, $subject, $priority="3", $cc="", $bcc="", $gen_message_id="Y")
*
* $from - Sender Address (e.g. mustermann@web.de )
* $mailto - To: Address (e.g. String(",") or Array ( 0 => mustermann@gmx.net;
* 1 => hello@gmx.net; )
* $subject - E-Mail SubjectLine (string)
*
* optional:
* $priority - E-Mail Priority (default = "3")
* $cc && $bcc - CC and BCC Address (same format as $mailto)
* $gen_message_id - (Y) Message-Id is generated by the function, (N) Message-Id must be generated by yourself or by the SMTP server
*
*
*
* function &smtp_send($from, $mailto, $header, $message="", $cc=null, $bcc=null)
* $from - Sender Address (e.g. mustermann@web.de )
* $mailto - To: Addresses (e.g. String(",") or Array ( 0 => mustermann@gmx.net;
* 1 => hello@gmx.net; )
* $header - E-Mail Header generated by "make_header", or you make your own header
* optional:
* $message - Message Text
* $cc && $bcc - same format as $mailto
*
*
* /////////////////////////////////////////////////////////////////////////////
* /////////////////////////////////////////////////////////////////////////////
**/

if (!isset($_SMTP_CLASS_INC)){
$_SMTP_CLASS_INC = 1;
class SMTP {

// SMTP-Server Vars !!! //
var $smtp_server;
var $smtp_user=null;
var $smtp_pass=null;

//Header Var !! //
var $header="";

// Socket Var !! //
var $smtp_socket;

// Error Var !! //
var $error="E-Mail send.";

function SMTP($smtp_server,$smtp_user="",$smtp_pass=""){
if(!trim($smtp_server)){
$this->smtp_server="";
}
$this->smtp_server= trim($smtp_server);
if($smtp_user!="" && $smtp_pass!=""){
$this->smtp_user= trim($smtp_user);
$this->smtp_pass= trim($smtp_pass);
}

}

function &smtp_put($string){
return fputs($this->smtp_socket, $string . "\r\n");
}

/*
The function make_header()

*/
function &make_header($from, $mailto, $subject, $priority="3", $cc="", $bcc="", $gen_message_id="Y"){

if (!preg_match( '/.+@.+/',$from)){
return $this->error="Sender Address is incorrekt";
}

// Message-ID: The message ID consists of Date+Time.Random.SenderAddress !!!
if($gen_message_id=="Y"){

$this->header = "Message-Id: <". date('YmdHis').".". md5(microtime()).".". strtoupper($from) ."> \r\n";
}

//From: Address
$this->header .="From: <" . $from . "> \r\n";

// To: Address
if(!is_array($mailto)){
$mailto=explode(",",$mailto);
}

while(list(,$mailto_address) = each( $mailto )){

if($mailto_address!=""){
$mailto_address=trim($mailto_address);
if(!preg_match( '/.+@.+/',$mailto_address)){
return $this->error = "This To: Address is incorrekt. Error: ".$mailto_address;
}
}
unset($mailto_address);
}
$mailto=implode(",",$mailto);
$this->header .="To: <".$mailto."> \r\n";

// Subject:
$this->header .="Subject: ".$subject." \r\n";

//Date: Standard Mail Format (e.g. Sat, 22 Mar 2003 22:57:05 +0100 ) !!
$this->header .="Date: ". date('D, d M Y H:i:s O') ." \r\n";

// Check isset CC and/or BCC and check is it in right RFC format
if($cc!=""){
if(!is_array($cc)){
$cc=explode(",",$cc);
}

while(list(,$cc_address) = each ( $cc )){
if($cc_address!=""){
$cc_address = trim($cc_address);
if(!preg_match( '/.+@.+/',$cc_address)){
return $this->error="This CC Address is in correkt. Error: ".$cc_address;
}
}
unset($cc_address);
}

$cc=implode(",",$cc);
$this->header .= "CC: ".$cc." \r\n";
}

if($bcc!=""){
if(!is_array($bcc)){
$bcc=explode(",",$bcc);
}

while(list(,$bcc_address) = each ( $bcc )){
if($bcc_address!=""){
$bcc_address = trim($bcc_address);
if(!preg_match( '/.+@.+/',$bcc_address)){
return $this->error="This BCC Address is incorrekt. Error: ".$bcc_address;
}
}
unset($bcc_address);
}
$bcc=implode(",",$bcc);
$this->header .= "BCC: ".$bcc." \r\n";
}

// Set Priority default="3"!!!
if($priority!="3"){
$this->header .= "X-Priority: ".$priority." \r\n";
if($priority=="1" || $priority=="2"){
$this->header .= "X-MSMail-Priority: High \r\n";
}
if($priority=="4" || $priority=="5"){
$this->header .= "X-MSMail-Priority: Low \r\n";
}
}

return $this->header;

}

function &server_parse( $response )
{
$server_response = "";
while ( substr( $server_response, 3, 1 ) != ' ')
if ( !( $server_response = fgets($this->smtp_socket)))
return $this->error = "Couldn't read Server Response Code !!";
if ( substr( $server_response, 0, 3 ) != $response )
return $this->error = "Couldn't send E-Mail. Server Response: \" $server_response \" !!!";
return "";
}

/*
Function smtp_send()
*/
function &smtp_send($from, $mailto, $header, $message="", $cc="", $bcc=""){

if($this->smtp_server=="") return $this->error = "Without SMTP Server you can't send an e-mail ;) !! ";

if($message!=""){
//normalise bare LF to CRLF, as SMTP requires
$message = preg_replace( "/(?<!\r)\n/", "\r\n", $message );
}

if(!$this->smtp_socket=fsockopen($this->smtp_server, 25, $errno, $errstr, 30))
return $this->error="Couldn't connect to Smtp Server ($this->smtp_server) $errno : $errstr !!";

if($this->server_parse("220")){
return $this->error;
}
if(!$this->smtp_put("EHLO $this->smtp_server")){
return $this->error="Couldn't send EHLO Command !! ";
}
if($this->server_parse("250")){
return $this->error;
}
if(!empty($this->smtp_user) && !empty($this->smtp_pass)){

if(!$this->smtp_put("AUTH LOGIN")){
return $this->error =" Couldn't send \"AUTH LOGIN \" Command !!";
}
if($this->server_parse("334")){
return $this->error;
}
if(!$this->smtp_put(base64_encode($this->smtp_user))){
return $this->error="Couldn't send LOGIN USER !!";
}
if($this->server_parse("334")){
return $this->error;
}
if(!$this->smtp_put(base64_encode($this->smtp_pass))){
return $this->error="Couldn't send USER PASSWORD !!";
}
if($this->server_parse("235")){
return $this->error;
}
}
if(!$this->smtp_put("MAIL FROM: ".$from)){
return $this->error="Couldn't send \" MAIL FROM: $from \" !!";
}
if($this->server_parse("250")){
return $this->error;
}

if(!is_array($mailto)){
$mailto=explode(",",$mailto);
}
while(list(,$mailto_address) = each( $mailto )){
if($mailto_address!=""){
if(!preg_match( '/.+@.+/',$mailto_address)){
return $this->error = "This To: Address is in correkt. Error: ".$mailto_address;
}
if(!$this->smtp_put("RCPT TO: $mailto_address")){
return $this->error = "Couldn't send \" RCPT TO: $mailto_address \" !!";
}
if($this->server_parse("250")){
return $this->error;
}
}
unset($mailto_address);
}

if($cc!=""){
if(!is_array($cc)){
$cc=explode(",",$cc);
}

while(list(,$cc_address) = each ( $cc )){
if($cc_address!=""){
$cc_address=trim($cc_address);
if(!preg_match( '/.+@.+/',$cc_address)){
return $this->error="This CC Address is in correkt. Error: ".$cc_address;
}
if(!$this->smtp_put("RCPT TO: $cc_address")){
return $this->error = "Couldn't send \" RCPT TO: $cc_address \" !!";
}
if($this->server_parse("250")){
return $this->error;
}
}
}
unset($cc_address);
}

if($bcc!=""){
if(!is_array($bcc)){
$bcc=explode(",",$bcc);
}

while(list(,$bcc_address) = each ( $bcc )){
if($bcc_address!=""){
$bcc_address=trim($bcc_address);
if(!preg_match( '/.+@.+/',$bcc_address)){
return $this->error="This BCC Address is in correkt. Error: ".$bcc_address;
}
if(!$this->smtp_put("RCPT TO: $bcc_address")){
return $this->error = "Couldn't send \" RCPT TO: $bcc_address \" !!";
}
if($this->server_parse("250")){
return $this->error;
}
}
}
unset($bcc_address);
}

if(!$this->smtp_put("DATA")){
return $this->error="Couldn't send \" DATA \" Command !!";
}
if($this->server_parse("354")){
return $this->error;
}
if(!$this->smtp_put("$header")){
return $this->error="Couldn't send Header !!";
}
$this->smtp_put("\r\n");

if(!$this->smtp_put("$message")){
return $this->error="Couldn't send Mail !!";
}
$this->smtp_put(".");
if($this->server_parse("250")){
return $this->error;
}
$this->smtp_put("QUIT");
fclose($this->smtp_socket);

return $this->error;

}

}
}
?>
[/code]

Security of web-accessible PHP applications

Wednesday, October 10th, 2007

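1. Restrict access to administration pages.
The directory holding the administration scripts should be hidden so that it is not easily exposed to people with bad intentions. Another approach is to create a .htaccess file in the same web directory as the scripts. This file tells Apache to authenticate users, and the contents of the directory are returned only after authentication succeeds. To require authentication for a particular directory, put the following into a file named .htaccess located in the directory you created for the code.
AuthType Basic
AuthName "Administrators Only"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
For best results, make the password file unreadable to ordinary users and readable only by the web server. On Unix systems this can be set with the following commands:
chgrp www-data /usr/local/apache/passwd/passwords   # www-data: assumed name of the group the web server runs as
chmod 640 /usr/local/apache/passwd/passwords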

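2. Include files.
Include files let the same code be reused throughout a program, which reduces the workload, and because several pages use the same code they also make the pages easier to maintain. However, if such a file has the extension .inc, or any other extension that the web server will display as-is, a malicious user can easily obtain data that should not be exposed, so be sure to save these files with the .php extension.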

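3. Storing passwords in the database.
The usual approach is to use the md5 one-way encryption function. In fact there is another, more secure function, called sha1, which stands for Secure Hash Algorithm. sha1 returns a 160-bit string rather than the 128-bit string that md5 returns, and the extra length makes it harder to guess the original password value. In addition, the algorithm used in sha1 is more advanced than the one in md5, which makes cracking the password considerably harder.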
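
An added example, not from the book or this blog, that goes beyond the md5/sha1 comparison above: it contrasts an unsalted sha1 digest with PHP's salted password_hash() and shows a stored sha1 value being upgraded at the next successful login. It assumes PHP 5.6 or later; the function names and sample passwords are constructed.

```php
<?php
// Added example; function names and sample passwords are constructed.

// Unsalted digest as described above: equal passwords give equal stored values.
function store_sha1($password) {
    return sha1($password);
}

// Salted, deliberately slow hash from PHP's password API.
function store_slow($password) {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login against either kind of stored value.
// Returns array(verified, value to write back to the user record or null).
function check_login($password, $stored) {
    $info = password_get_info($stored);
    if ($info['algo']) {                       // produced by password_hash()
        if (!password_verify($password, $stored)) {
            return array(false, null);
        }
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? store_slow($password) : null;
        return array(true, $new);
    }
    // Legacy 40-character sha1 value: constant-time compare, then upgrade.
    if (!hash_equals($stored, sha1($password))) {
        return array(false, null);
    }
    return array(true, store_slow($password));
}

// Two constructed accounts that chose the same password.
$alice = store_sha1('tiger2008');
$bob   = store_sha1('tiger2008');
echo "sha1 values equal:          ", var_export($alice === $bob, true), "\n";
echo "password_hash values equal: ",
    var_export(store_slow('tiger2008') === store_slow('tiger2008'), true), "\n";

// Alice logs in: the sha1 value verifies and is replaced in her record.
list($ok, $upgraded) = check_login('tiger2008', $alice);
if ($ok && $upgraded !== null) {
    $alice = $upgraded;
}
list($ok2, $again) = check_login('tiger2008', $alice);
echo "after upgrade: verified=", var_export($ok2, true),
     " rewrite needed=", var_export($again !== null, true), "\n";
list($bad) = check_login('wrong-guess', $alice);
echo "wrong password verified=", var_export($bad, true), "\n";
```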

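4. The problem with automatic global variables.
Disable register_globals. In addition, always initialize your variables. This simple step defeats malicious attempts to send data in through other sources, and it also helps make your code readable at almost no cost.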

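5. Denying access to the database.
To keep PHP's standard error messages from appearing in the program, put the error control operator (the @ symbol) in front of database function calls. Then call die to stop all processing and display a custom error message, so that a potential attacker is given only minimal information.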

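6. Deny external hosts access to the database.
If your MySQL server is on the same host as the web server, it is essential to block external users from accessing the database, so that no latent threat is left in place. This can be done with the firewall configuration tool that is part of the operating system. MySQL's standard TCP/IP port number is 3306.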

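7. Create separate database users.
If several applications run on your server, set up a separate database user in MySQL for each application. That way, even if one of the applications has a security hole, the data used by the other applications will not be compromised.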

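8. The magic quotes problem.
Through a process called "magic quotes", PHP tries to keep developers from falling into the danger of special characters being used in user input. Characters such as the single quote (') and the double quote (") are escaped with a backslash (\). By default, any data coming from GET, POST and COOKIE operations is escaped automatically. The escaping process amounts to applying the addslashes function to the string. If the server has magic_quotes enabled, you do not need to add the addslashes call by hand. To check whether magic_quotes escaping is active, use the get_magic_quotes_gpc function.

(Excerpted from the Chinese edition of Learning PHP & MySQL in the O'Reilly series.)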

An example of using FCKeditor with Smarty

Wednesday, September 12th, 2007

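FCKeditor is currently the best online editor on the Internet.
Smarty is a template engine written in PHP. It separates logic from presentation; put simply, the aim is to decouple PHP programmers from designers, so that a programmer changing the program logic does not affect the designer's page design, and a designer reworking a page does not affect the program logic. This matters especially in projects where several people work together.

The file that calls FCKeditor from Smarty:
<?php
//FCKeditor in smarty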
//Rossy.cn@gmail.com
//2007-09-12 13:14

require_once("conn.php");
require_once("class/Smarty.class.php");

$smarty = new Smarty();
$smarty->template_dir = "../templates";
$smarty->compile_dir = "../templates_c";
$smarty->left_delimiter = "<{";
$smarty->right_delimiter = "}>";

$editor = new FCKeditor("Content") ;
$editor->BasePath = "../FCKeditor/";
$editor->ToolbarSet = "Basic";
$editor->Value = "";
$FCKeditor = $editor->CreateHtml();

$smarty->assign('Title',"Rossy is here waiting for you");
$smarty->assign('FCKeditor',$FCKeditor);
$smarty->display('template.tpl');

?>

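However, with this approach FCKeditor could not be given a value when editing existing data; it only produced an editor with an empty value, so a different approach had to be used:
<?php
//FCKeditor in smarty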
//Rossy.cn@gmail.com
//2007-09-12 13:18

require_once("conn.php");
require_once("class/Smarty.class.php");

$smarty = new Smarty();
$smarty->template_dir = "../templates";
$smarty->compile_dir = "../templates_c";
$smarty->left_delimiter = "<{";
$smarty->right_delimiter = "}>";

$editor = new FCKeditor("Content") ;
$editor->BasePath = "../FCKeditor/";
$editor->ToolbarSet = "Basic";
$editor->Value = "Here is a example of smarty and FCKeditor";

$smarty->assign('Title',"Rossy is here waiting for you");
$smarty->assign_by_ref("FCKeditor",$editor);
$smarty->display('template.tpl');

?>

Template file template.tpl:

Example

title:<{$Title}>

content:

<{$FCKeditor}>