skimrme/open-ww3-project-ww3-tw
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
f35aed0f6580ed6bf8cfdfdd1c1ac7708198e7e0
open-ww3-project-ww3-tw/public/blog/post/s/index.php
skimrme 432ea17e40 记录当前修改
2025-11-04 23:34:46 +08:00

100 lines
2.7 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
// 设置最大接受id
const MAX_ARTICLE_ID = 100000;
// 获取搜索栏url的id
$post_id = $_GET['id'] ?? null;
// 设定数据库路径
$db_path = '/var/www/owp/open-ww3-project-ww3-tw/databases/sqlite/owp.db';
/**
* 2. 严格的输入验证 (健壮性检查)
* 拦截所有非数字、无效范围或为空的输入
*/
if (
empty($post_id) ||
!is_numeric($post_id) ||
(int)$post_id <= 0 ||
(int)$post_id > MAX_ARTICLE_ID
) {
http_response_code(400); // HTTP 400 Bad Request
$error_msg = "错误:文章 ID 格式不正确。ID 必须是 1 到 " . MAX_ARTICLE_ID . " 之间的整数。";
die($error_msg);
}
// 通过检查后,将 ID 强制转换为整数
$post_id = (int)$post_id;
try {
/**
* 3. 连接 SQLite 数据库
* 注意:如果 PHP 运行用户没有读取此路径文件的权限,这里会失败。
*/
$db = new SQLite3($db_path);
/**
* 4. 准备 SQL 查询语句 (核心安全防线:预处理语句)
* 使用占位符 :id 代替用户输入。
*/
$sql = 'SELECT title, content FROM posts WHERE id = :id';
// 准备语句
$stmt = $db->prepare($sql);
// 绑定参数:将 :id 替换为 $post_id 的值,并明确指定它是一个整数类型
$stmt->bindValue(':id', $post_id, SQLITE3_INTEGER);
/**
* 5. 执行查询并获取结果
*/
$result = $stmt->execute();
// 从结果集中获取一行数据
$row = $result->fetchArray(SQLITE3_ASSOC);
/**
* 6. 显示内容或 404 错误
*/
if ($row) {
// 使用 htmlspecialchars() 函数防止 XSS 攻击
$title = $row['title'];
$content = $row['content'];
// --- 页面输出开始 ---
echo "<!DOCTYPE html>";
echo "<html lang='zh-CN'>";
echo "<head><meta charset='UTF-8'><title>{$title}</title></head>";
echo "<body>";
echo "<a href='https://ww3.tw'>返回主页</a>";
echo "<h1>{$title}</h1>";
// nl2br 用于将换行符转换成 <br>
echo "<article>" . nl2br($content) . "</article>";
echo "</body>";
echo "</html>";
// --- 页面输出结束 ---
} else {
// 文章未找到
http_response_code(404); // 404 Not Found
echo "<h1>404 Not Found</h1>";
echo "<p>抱歉ID 为 {$post_id} 的文章不存在。</p>";
}
/**
* 7. 清理资源
*/
$db->close();
//$stmt->close();
} catch (Exception $e) {
// 处理异常
http_response_code(500); // 500 Internal Server Error
error_log("SQLite 错误: " . $e->getMessage());
die("系统错误,请稍后重试。");
}
?>
Reference in New Issue View Git Blame Copy Permalink