上传2025_04_29备份作为记录
This commit is contained in:
100
public/blog/post/s/index.php
Normal file
100
public/blog/post/s/index.php
Normal file
@@ -0,0 +1,100 @@
|
||||
<?php
|
||||
// 设置最大接受id
|
||||
const MAX_ARTICLE_ID = 100000;
|
||||
|
||||
// 获取搜索栏url的id
|
||||
$post_id = $_GET['id'] ?? null;
|
||||
|
||||
// 设定数据库路径
|
||||
$db_path = '/var/www/owp/open-ww3-project-ww3-tw/databases/sqlite/owp.db';
|
||||
|
||||
|
||||
/**
|
||||
* 2. 严格的输入验证 (健壮性检查)
|
||||
* 拦截所有非数字、无效范围或为空的输入
|
||||
*/
|
||||
if (
|
||||
empty($post_id) ||
|
||||
!is_numeric($post_id) ||
|
||||
(int)$post_id <= 0 ||
|
||||
(int)$post_id > MAX_ARTICLE_ID
|
||||
) {
|
||||
http_response_code(400); // HTTP 400 Bad Request
|
||||
|
||||
$error_msg = "错误:文章 ID 格式不正确。ID 必须是 1 到 " . MAX_ARTICLE_ID . " 之间的整数。";
|
||||
die($error_msg);
|
||||
}
|
||||
|
||||
// 通过检查后,将 ID 强制转换为整数
|
||||
$post_id = (int)$post_id;
|
||||
|
||||
try {
|
||||
/**
|
||||
* 3. 连接 SQLite 数据库
|
||||
* 注意:如果 PHP 运行用户没有读取此路径文件的权限,这里会失败。
|
||||
*/
|
||||
$db = new SQLite3($db_path);
|
||||
|
||||
/**
|
||||
* 4. 准备 SQL 查询语句 (核心安全防线:预处理语句)
|
||||
* 使用占位符 :id 代替用户输入。
|
||||
*/
|
||||
$sql = 'SELECT title, content FROM posts WHERE id = :id';
|
||||
|
||||
// 准备语句
|
||||
$stmt = $db->prepare($sql);
|
||||
|
||||
// 绑定参数:将 :id 替换为 $post_id 的值,并明确指定它是一个整数类型
|
||||
$stmt->bindValue(':id', $post_id, SQLITE3_INTEGER);
|
||||
|
||||
/**
|
||||
* 5. 执行查询并获取结果
|
||||
*/
|
||||
$result = $stmt->execute();
|
||||
|
||||
// 从结果集中获取一行数据
|
||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||
|
||||
/**
|
||||
* 6. 显示内容或 404 错误
|
||||
*/
|
||||
if ($row) {
|
||||
// 使用 htmlspecialchars() 函数防止 XSS 攻击
|
||||
$title = $row['title'];
|
||||
$content = $row['content'];
|
||||
|
||||
// --- 页面输出开始 ---
|
||||
echo "<!DOCTYPE html>";
|
||||
echo "<html lang='zh-CN'>";
|
||||
echo "<head><meta charset='UTF-8'><title>{$title}</title></head>";
|
||||
echo "<body>";
|
||||
echo "<a href='https://ww3.tw'>返回主页</a>";
|
||||
echo "<h1>{$title}</h1>";
|
||||
|
||||
// nl2br 用于将换行符转换成 <br>
|
||||
echo "<article>" . nl2br($content) . "</article>";
|
||||
|
||||
echo "</body>";
|
||||
echo "</html>";
|
||||
// --- 页面输出结束 ---
|
||||
|
||||
} else {
|
||||
// 文章未找到
|
||||
http_response_code(404); // 404 Not Found
|
||||
echo "<h1>404 Not Found</h1>";
|
||||
echo "<p>抱歉,ID 为 {$post_id} 的文章不存在。</p>";
|
||||
}
|
||||
|
||||
/**
|
||||
* 7. 清理资源
|
||||
*/
|
||||
$db->close();
|
||||
//$stmt->close();
|
||||
|
||||
} catch (Exception $e) {
|
||||
// 处理异常
|
||||
http_response_code(500); // 500 Internal Server Error
|
||||
error_log("SQLite 错误: " . $e->getMessage());
|
||||
die("系统错误,请稍后重试。");
|
||||
}
|
||||
?>
|
||||
Reference in New Issue
Block a user