小型bbs论坛系统开发7 会员帖子发布页

<?php
include_once './inc/config.inc.php';
include_once './inc/mysql.inc.php';
include_once './inc/tool.inc.php';

//数据库连接
$link = sql_connect();

//验证登录状态
if(!$member_id=is_login($link)){
skip('login.php?url=publish.php','error','请先登录！');
}

if(isset($_POST['submit'])){
//一、验证表单数据
//1.)如果没有填写帖子标题
if(empty($_POST['title'])){
skip('publish.php','error','请填写标题');
}
//2.)如果标题长度超过66个字符
if(mb_strlen($_POST['title'],'utf8') > 66){
skip('publish.php','error','标题长度大于66位');
}
//3.)如果帖子没有写内容
if(empty($_POST['content']) || mb_strlen($_POST['content'],'utf8') < 2){
skip('publish.php','error','您输入的内容小于2个字符！');
}
//4.如果板块id不是数字字符串或者未被选择。
if($_POST['module_id'] == 0 || !is_numeric($_POST['module_id'])){
skip('publish.php','error','板块id参数传递不合法！');
}

//二、表单特殊字符转义

//入库前将数据转义
$_POST = sql_escape($link,$_POST);
//入库前的验证
//1.)如果所选的板块id不存在。
$query = "select * from sfk_son_module where id = {$_POST['module_id']}";
$result = sql_execute($link,$query);
if(mysqli_num_rows($result) < 1){
skip('publish.php','error','板块id不存在！');
}

//2.)如果该帖子已经存在。
$query = "select * from sfk_content where title = '{$_POST['title']}'";
$result = sql_execute($link,$query);
if(mysqli_num_rows($result) == 1){
skip('publish.php','error','这篇文章的标题已经存在过了');
}

//入库
$query = "insert into sfk_content(module_id,title,content,time,member_id)
values(
{$_POST['module_id']},
'{$_POST['title']}',
'{$_POST['content']}',
now(),
{$member_id}
)";
sql_execute($link,$query);
//入库后的验证
if(mysqli_affected_rows($link) == 1){
skip('publish.php','ok','发布成功！');
}else{
skip('publish.php','error','发布失败！');
}

}

?>

<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8" />
<title></title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link rel="stylesheet" type="text/css" href="style/public.css" />
<link rel="stylesheet" type="text/css" href="style/publish.css" />
</head>
<body>
<div class="header_wrap">
<div id="header" class="auto">
<div class="logo">sifangku</div>
<div class="nav">
<a class="hover">首页</a>
</div>
<div class="serarch">
<form>
<input class="keyword" type="text" name="keyword" placeholder="搜索其实很简单" />
<input class="submit" type="submit" name="submit" value="" />
</form>
</div>
<div class="login">
<a>登录</a> 
<a>注册</a>
</div>
</div>
</div>
<div style="margin-top:55px;"></div>
<div id="position" class="auto">
<a>首页</a>
</div>
<div id="publish">
<form method="post">
<select name="module_id">
<!--    <optgroup label="Swedish Cars">
<option value ="volvo">Volvo</option>
<option value ="saab">Saab</option>
</optgroup>
基本格式-->
<option value="0">请选择</option>
<?php
$query = "select * from sfk_father_module";
$result = sql_execute($link,$query);
while($f_data = (mysqli_fetch_assoc($result))){
echo "<optgroup label = '{$f_data['module_name']}'>";

$query = "select * from sfk_son_module where father_module_id = {$f_data['id']}";
$result1 = sql_execute($link,$query);
while($s_data = mysqli_fetch_assoc($result1)){
echo "<option value = '{$s_data['id']}'>{$s_data['module_name']}</option>";
}
echo "</optgroup>";
}
?>

</select>
<input class="title" placeholder="请输入标题" name="title" type="text" />
<textarea name="content" class="content"></textarea>
<input class="publish" type="submit" name="submit" value="" />
<div style="clear:both;"></div>
</form>
</div>
<div id="footer" class="auto">
<div class="bottom">
<a>私房库</a>
</div>
<div class="copyright">Powered by sifangku ©2015 sifangku.com</div>
</div>
</body>
</html>